On May 31, 2006, at 10:52 PM, Walter Dnes wrote:
It may help to preemptively address the forgery issue if the ISP
were to insure that the From address were valid before signing the
message. But this is an issue between the ISP and the user. If an
ISP is going to allow forged addresses why would their signature
verifying the address make any difference?
Real-life question...
1) How does any ISP (beyond a really small geek outfit) verify
that I
am authorized to use *(_at_)waltdnes(_dot_)org ?
A simple verification procedure would be to quarantine outgoing email
with unknown From addresses until the owner responded to a
confirmation request. This would present a difficulty for you if you
used a different From address for every outgoing email. The ISP may
decide to only verify your authorization once for any domain and
assume that any internal squabbles for forgeries within a domain are
someone else's problem.
Note that here I am only talking about an ISP preventing forged
addresses from being sent from their mail servers for which they
would be blamed. This part has nothing directly to do with DKIM
signatures.
-- Dan Oetting
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg