On Jul 28, 2006, at 11:23 AM, John Levine wrote:
Yes and what is another customer of the ISP submits mail using my
From. in virtually all cases today there is nothing to prevent that.
If you give your keys to untrustworthy third parties, all bets are
off. No amount of extra protocol goop is going to change that.
Scott has raised a different concern. An ISP may not restrict what
From is used when signing with the ISP's domain. An ISP might also
request a confirmation that the sender can receive message at that
address before allowing use of the address. The policy expressed at
the OA (rfc2822.From) indicates the specific set of signing domains
that have been designated as signing on behalf of the OA. This would
be independent of who has what keys. This would be strictly a
function of the OA policy.
-Doug
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html