If you give your keys to untrustworthy third parties, all bets are off. No
amount of extra protocol goop is going to change that.
Scott has raised a different concern. An ISP may not restrict what From is
used when signing with the ISP's domain.
In what sense is an ISP who signs mail from random senders who happen to
forge your domain not an untrustworthy third party?
Regards,
John Levine, johnl(_at_)iecc(_dot_)com, Primary Perpetrator of "The Internet for
Dummies",
Information Superhighwayman wanna-be, http://johnlevine.com, Mayor
"I dropped the toothpaste", said Tom, crestfallenly.
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html