ietf-dkim

Re: [ietf-dkim] Not exactly not a threat analysis

2005-08-17 07:57:38
Earl Hood wrote:
On August 16, 2005 at 19:23, Michael Thomas wrote:
Huh? All you'd need to do is add the DKIM-Signature to the h=
list just like any other header.
Which header do I use for verification if multiple DKIM-Signature
fields are present?  Do I assume that it is the next one below
me, hoping no re-ordering has been done?

Why should order matter? Even if, say, the domain that
asserts the corresponding From address were out of order...
so what? What I do is look for the first signature that
asserts the From address successfully, and I'm done.
Not if it is spam.  Spam may have changed how people interpret From.
The only time From is relied upon is if the recipient sees that the
content of the message matches what they expect from From.

As well they should... which is rather the problem at hand, no?


You are making assertions that all mail users know what the From is and
that it indicates who "authored" the message.  I'm making the point that
the From is not a strong indication of authorship, and many mail users
realize this, and must do more to determine who the real author may
be (which typically means checking the Subject and message content).
It seems mail users would like to see additional indicators beyond
From to provide who created and was involved in the transmission of
the message to avoid reading the message contents (and the potential
dangers of doing so).

They can't trust the From. Now. The intention is to change
that so there exists a way that they can have more trust in
it. Not perfect trust, but certainly a lot more than we
have today. FWIW, I think the utility of this has more
impact for phishing attacks, and would be rapidly realized
when the financials, etc, start signing their outbound mail
en masse.

                Mike
_______________________________________________
ietf-dkim mailing list
http://dkim.org
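The selection rule Mike describes (take the first signature that successfully asserts the From address), as an added example that is not from the list thread or from any DKIM implementation. It assumes a constructed two-signature message in which a relay's signature sits above the From domain's own and covers it through h=; it stops at the selection step and leaves the cryptographic check out.

```python
import email
from email.utils import parseaddr

# Constructed sample message (not from the list thread): two DKIM-Signature
# fields, the top one added by a relay and covering the bank's signature
# beneath it via "dkim-signature" in its h= list. The b=/bh= values are
# placeholders; this code performs only signature selection, not verification.
RAW_MESSAGE = """\
DKIM-Signature: v=1; a=rsa-sha256; d=relay.example.net; s=sel;
 h=from:to:subject:dkim-signature; bh=AAAA; b=BBBB
DKIM-Signature: v=1; a=rsa-sha256; d=bank.example; s=mail;
 h=from:to:subject; bh=CCCC; b=DDDD
From: Alerts <alerts@bank.example>
To: user@example.org
Subject: Statement available

(body)
"""


def parse_tags(header_value):
    """Split a DKIM tag=value list into a dict, discarding folding whitespace."""
    tags = {}
    for item in header_value.split(";"):
        if "=" in item:
            name, value = item.split("=", 1)
            tags[name.strip()] = "".join(value.split())
    return tags


def from_domain(msg):
    """Domain part of the From address, lower-cased ('' if absent)."""
    _, addr = parseaddr(msg.get("From", ""))
    return addr.rpartition("@")[2].lower()


def select_asserting_signature(raw):
    """Return (position, tags) of the first DKIM-Signature whose d= equals the
    From domain and whose h= list actually covers From; None if no signature
    asserts the From address. Signatures from other domains are skipped, so
    their position relative to the matching one does not change the result."""
    msg = email.message_from_string(raw)
    target = from_domain(msg)
    for position, value in enumerate(msg.get_all("DKIM-Signature", [])):
        tags = parse_tags(value)
        signed_fields = [f.lower() for f in tags.get("h", "").split(":")]
        if target and tags.get("d", "").lower() == target and "from" in signed_fields:
            return position, tags
    return None
```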