At 4:16 PM -0800 3/15/06, Michael Thomas wrote:
> How does a receiver know the difference between a "mailer" and a
> "random third party"?

If the mailer also follows IETF standards that indicate that it is
the mailer of the message, that tells the receiver something. Also,
the receiver's software can simply ask.

> How do I, as a receiver, determine "who is supposed to be signing
> the message"?
> It's not from the From: address as that's from the originating domain.

Anyone who is assumed to have sent the message can be assumed to sign
the message. If that signature is from someone whom the receiving
agent doesn't think is supposed to be signing the message, the agent
can throw away the signature as irrelevant. Receiving agents will
know that mailing lists might send the message without changing the
From.

> You're making
> pretty big assumptions that I, as a receiver, have any clue as to what the
> relationship between the purported from and the mailing lists it
> traverses is.

It doesn't seem like a big assumption at all. RFC 2919, a standard,
says exactly how a mailing list can say where the list is hosted.
Even if the list doesn't use that standard, a receiving agent can ask
a user "this message is signed by someone I don't know; does the
domain lists.example.net seem like the sender of this message?". Many
MUAs have this kind of capability now for moving mailing list
messages into folders.
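
An added example, not part of the original message: one way a receiving agent could sort DKIM signer domains into author, list, or unknown using the From: address and the RFC 2919 List-Id header. The function names, the suffix-matching rule and the sample message are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message (not taken from the thread).
SAMPLE = """\
From: Alice <alice@example.com>
List-Id: DKIM discussion <ietf-dkim.lists.example.net>
DKIM-Signature: v=1; a=rsa-sha256; d=lists.example.net; s=sel1;
 h=from:list-id; bh=PLACEHOLDER; b=PLACEHOLDER
Subject: test

body
"""

def within(name, domain):
    # Assumed heuristic: name equals the signer domain or sits beneath it.
    # Single-label domains are rejected; this is not a public-suffix check.
    return "." in domain and (name == domain or name.endswith("." + domain))

def signer_domains(msg):
    """Return the d= tag of every DKIM-Signature header, lowercased."""
    out = []
    for value in msg.get_all("DKIM-Signature", []):
        tags = {k.strip().lower(): v.strip()
                for k, _, v in (t.partition("=") for t in value.split(";"))}
        if tags.get("d"):
            out.append(tags["d"].lower())
    return out

def classify_signatures(raw):
    """Map each signer domain to 'author', 'list' or 'unknown'."""
    msg = message_from_string(raw)
    author = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    m = re.search(r"<([^<>\s]+)>", msg.get("List-Id", ""))
    list_id = m.group(1).lower() if m else ""
    if list_id.endswith(".localhost"):
        list_id = ""  # RFC 2919 unmanaged namespace: names no hosting domain
    result = {}
    for d in signer_domains(msg):
        if author and within(author, d):
            result[d] = "author"
        elif list_id and within(list_id, d):
            result[d] = "list"
        else:
            result[d] = "unknown"  # ignore the signature or ask the user
    return result
```

This only classifies who the signer claims to be; verifying the signature itself is a separate step that must succeed before the classification means anything.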