Dave Crocker wrote:
Alas, it was pointed out to me that SSP does indeed have a requirement for a
lookup even when the message is signed. This is when there is so-called
third-party signing. (I believe this means when the domain in the
rfc2822.From
does not make the DKIM d= domain.)
I would at a minimum include rfc2822.Sender in this check: third part
signing is when the DKIM d= domain is not equal to either the
rfc2822.From's domain nor the rfc2822.Sender's domain.
Tony Hansen
tony(_at_)att(_dot_)com
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html