What a complete waste of effort. If I were an ISP using DKIM, I would
be sure there was a header in my outgoing mail with enough info to
identify the customer (opaque token is fine), and include it in the
signature. Then if a recipient objects, I know who the guilty party
is regardless of what address he used.
I did state in my first post:
It may help to preemptively address the forgery issue if the ISP
were to insure that the From address were valid
Who said anything about From addresses? Like I said, the signing ISP
puts a token in one of the signed headers so it knows which customer
it was, regardless of what's on the From: line. As I think we've gone
over more than once, it is extremely unlikely that an ISP would know
what addresses its customers were or were not allowed to use, and
arbitrary limits like you have to use the address that came with the
account don't work.
R's,
John
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg