---[A: Misstatement of the DKIM mechanism.]
,---
| 1. Introduction
|
| DomainKeys Identified Mail (DKIM) [I-D.allman-dkim-base] defines a
| mechanism by which email messages can be cryptographically signed,
| permitting a signing domain to claim responsibility for the use of a
| given email address.
'---
A verified signature does not indicate that the signing domain is
claiming responsibly for some email-address found within the
message. It is not a reasonable practice for a general access
provider to inject a Sender header just to meet this expectation.
This has already caused problems and should be avoided.
This should read:
: DomainKeys Identified Mail (DKIM) [I-D.allman-dkim-base] defines a
: mechanism by which email messages can be cryptographically signed,
: permitting a signing domain to be held accountable for the message.
: When an email-address contained within the message is also within
: the signing domain, and noted within the 'i' parameter, the signing
: domain may also be held accountable for verifying the use of the
: email-address conforms to their policies.
-Doug
_______________________________________________
ietf-dkim mailing list
http://dkim.org