Earl Hood wrote:
> IMHO any design and policy decisions that rely on particular
> MUA rendering behaviors are a mistake.

+1. Besides, some "popular" MUAs (on the wrong side of 2049 ;-)
show the Sender. Maybe it's ambiguous, but not obscure.

> a signer can bind to Sender, From, Resent-Sender, etc.

IMHO it's impossible to improve PRA, and PRA isn't good enough.
Impossible from a DKIM POV (= independent of SMTP Mail From),
and ignoring all "solutions" based on worldwide upgrades.

> Mailing lists that change the Sender can bind their signature
> to it, independent of what is in the From and avoiding any
> restrictions on From's SSP.

Okay. I'd say that lists _changing_ 2822 header fields are
at best utterly dubious, and that DKIM shouldn't waste too much
time with broken list software. Why not simply promise to sign
the List-ID in the SSP of the list?

If you're talking about lists with their own SSP. But I don't
see how that could help if a bad actor claims to be a list, and
to send mail "from" ebay. Somehow the SSP of ebay must be able
to say "lie" no matter what the phisher-disguised-as-list does.

Bye, Frank
_______________________________________________
ietf-dkim mailing list
http://dkim.org