Eric Allman wrote:
Folks OK with that?
-1
If a verifier has a verified email with a d= what is the fundamental
value-add on insisting that From: is a signed header? After all, a
minimalist verifier is going to query some database to ask the
question: Do I like d=?
Will that query be influenced by a From: header? I'd think not. A
minimalist verifier could care less. All they want to know is, who is
the responsible domain and how much do I like them?
It still seems to me that enforcing a From: is a vestigial attempt to
protect MUAs. But I thought we had decided that we weren't in the
business of solving that problem? Is that true?
If we are truly out of the business of protecting MUAs, then I see no
rationale for enforcing From: signing.
If we are in the business of protecting MUAs then we need to re-visit
that whole can of worms around Sender: and Resent: and all those other
potential MUA originators and triggers.
Mark.
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html