If I have a message with your valid 3rd party signature, meaning that
you've published the key, and your SSP says you sign only your own mail,
which do I believe? Why or why not?
You [optionally] report this error to me and classify this as likely bad
email due to policy.
Why should I believe the SSP rather than the signature? You signed it,
you're responsible for it. If experience with SPF is any guide, most
non-trivial SSP records will be wrong because the people setting them up
won't understand what they mean.
On the other hand, if your software is so buggy that it signs mail with
random other From: lines when it's not supposed to, why are you signing at
all?
Regards,
John Levine, johnl(_at_)iecc(_dot_)com, Primary Perpetrator of "The Internet for Dummies",
Information Superhighwayman wanna-be, http://johnlevine.com, Mayor
"I dropped the toothpaste", said Tom, crestfallenly.
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html