It follows that in order to determine responsibility for the sender
one first needs to determine responsibility for the domain, and the
way that is done with DKIM is via DNS. The source of authority for
the sender can then from that point be delegated.
Eliot,
Thanks for raising the concern about ambiguity. Getting precise and
consistent about terminology/references is fundamental to these
discussions, so it's unfortunately necessary to add to your effort:
What do you mean by "sender"?
The term is being used variously -- and unfortunately with some
legitimate basis -- to refer to rfc2822.Sender (of course) but also to
rfc2822.From, rfc2821.MailFrom, rfc2821.Helo (and, therefore, pretty
much any of the From parameters in rfc2821.Received.)
For discussions like these to make real progress, I really do suggest
that people stop using the now-completely-ambiguous term "sender" and
make a point of citing the specific data field they mean.
d/
_______________________________________________
ietf-dkim mailing list
http://dkim.org