Re: [ietf-822] WSJ/gmail/ML, was a permission to... (off-topic)

Hi Miles,
At 11:42 05-05-2014, Miles Fidelman wrote:
> Well, I was using physical mail handling as an analogy, but... 
> Outlook supports delegated access rights for sending on behalf of, 
> as well as scheduling meetings on behalf of another mail user. Would 
> a recommend Outlook - that's a separate question :-)
Asking you to recommend Outlook is not something I would do. :-)

I have not tested Outlook.  Please do correct me if what I wrote is 
incorrect.  That MUA uses "Delegate Name on behalf of Manager Name" 
in the "From: header.  That's not what is in RFC 5322.
Here are some headers from a message:

  Return-Path: <[removed]@bounce.linkedin.com>
  Received: from maile-ed.linkedin.com (maile-ed.linkedin.com 
[199.101.162.60])
        by [removed] (8.14.5/8.14.5) with ESMTP id s457gjVQ013948
        (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=FAIL)
        for <[removed]>; Mon, 5 May 2014 00:42:51 -0700 (PDT)
  Authentication-Results: [removed]; dkim=pass
        reason="1024-bit key; unprotected key"
        header.d=linkedin.com header.i=@linkedin.com header.b=UyTsPaJu
  DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linkedin.com;
        s=proddkim1024; t=1399275758;
        bh=m3RA41aYlIhAwutaZd8/5p6sXXx1rnDoi4kKdNf6PvU=;
        h=Date:From:To:Subject:MIME-Version:Content-Type:
        X-LinkedIn-Template:X-LinkedIn-Class:X-LinkedIn-fbl;
        b=UyTsPaJuxbvrbLbrhwPq0TwJFtNZIs1J1SEUUqKTK/uU0KIO14h/kyqTeDv1UTWeV
        7b3rh0lOA2HxK68t2PHlOzEo4N7qGPZMiNv0oDMu6hqI84wgZSuyDSSFeXa4c5+MV8
        QXitJEceBdbA94UaFZ/brLnGVq1VV8W6qi84XgwU=
  Date: Mon, 5 May 2014 07:42:38 +0000 (UTC)
  From: [removed] <[removed]>
  To:  <[removed]>
  Message-ID: 
<64971956(_dot_)6815671(_dot_)1399275758987(_dot_)JavaMail(_dot_)app(_at_)ela4-app2321(_dot_)prod>
  Subject: Invitation to connect on LinkedIn
  MIME-Version: 1.0
  Content-Type: multipart/alternative;
        boundary="----=_Part_6815668_1839834165.1399275758986"

The email address in the "From:" header did not contain 
"linkedin.com" as the domain.  According to 
https://help.linkedin.com/app/safety/answers/detail/a_id/37021
  "Phishing is a common tactic that cyber criminals use to try and steal your
   information and your money."

How do I determine whether that message was not from someone trying 
to steal information?   How would linkedin.com send an invitation if 
the domain required permission to appear in the "From:" 
header?  There isn't a "Sender:" header in the above headers.
Regards,
S. Moonesamy  

_______________________________________________
ietf-822 mailing list
ietf-822(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf-822