Indeed the DKIM signature does not directly validate the 2822.From
address. However there is a means for the signing domain to
communicate an assurance of the 2822.From address through the use
of the dkim-signature i= syntax. A similar assertion is equally
plausible within the 2822.From policy record. This assurance could
be deferred to the 2822.From policy when the signing domain is a
subdomain or otherwise outside the 2822.From domain. A mechanism
for verifying proper use of the 2822.From address could be
analogous to steps taken when registering an email-certificate or
when subscribing to a mailing-list.
Providers that implement such a mechanism can ensure messages
signed for by a specific domain are not forging anyone's email-
address. Allowing DKIM to assert that the 2822.From address is
assured valid is clearly beneficial. This mechanism alone will
impact the amount of spam coming through bots, which represents
approximately 70% of the overall sources. An assertion by the DKIM
signer made by way of DKIM semantics or a 2822.From policy
statement *can* be done. Knowing which provider properly assures
the 2822.From address may require some type of domain assurance
council. : )
Doug, this is also incorrect. The i= "identity" is merely a string
that is advisory. There is *nothing* that a receiver can deduce about
it, because it is put there by the signer, who can put anything they
want.
Jon
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
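
An added example, not part of either message above: a sketch of the comparisons a receiver can make mechanically between the d= and i= tags of a DKIM-Signature and the 2822.From address. The header values and the function names are constructed for illustration, and the i= local part is assumed to be plain text (no quoted-printable encoding). The code only reports how the strings relate; the i= value is whatever the signer wrote.

```python
import re
from email.utils import parseaddr

def parse_tags(value):
    """Split a DKIM-Signature header value into its tag=value pairs."""
    tags = {}
    for part in value.split(";"):
        if "=" in part:
            name, _, val = part.partition("=")
            # Folding whitespace inside a tag value is not significant here.
            tags[name.strip()] = re.sub(r"\s+", "", val)
    return tags

def within(domain, parent):
    """True if domain is the same as, or a subdomain of, parent."""
    return domain == parent or domain.endswith("." + parent)

def compare_identities(dkim_value, from_header):
    tags = parse_tags(dkim_value)
    d = tags["d"].lower()
    # When i= is absent, the identity defaults to "@" followed by d=.
    identity = tags.get("i", "@" + d)
    i_local, _, i_domain = identity.rpartition("@")
    i_domain = i_domain.lower()
    from_local, _, from_domain = parseaddr(from_header)[1].rpartition("@")
    from_domain = from_domain.lower()
    return {
        # The DKIM specification requires the i= domain to sit within d=.
        "i_within_d": within(i_domain, d),
        # An empty local part means the signer named only a domain.
        "i_names_mailbox": i_local != "",
        "from_within_d": within(from_domain, d),
        "i_equals_from": i_local != "" and i_local == from_local
                         and i_domain == from_domain,
    }

# Constructed sample headers; bh= and b= are placeholders, nothing is verified.
SIG_SAME = ("v=1; a=rsa-sha256; d=example.com; s=sel1; "
            "i=alice@example.com; h=from:to:subject; bh=PLACEHOLDER; b=PLACEHOLDER")
SIG_THIRD_PARTY = ("v=1; a=rsa-sha256; d=mail.example.net; s=sel1; "
                   "h=from:to:subject; bh=PLACEHOLDER; b=PLACEHOLDER")
FROM_HEADER = "Alice <alice@example.com>"

if __name__ == "__main__":
    print(compare_identities(SIG_SAME, FROM_HEADER))
    print(compare_identities(SIG_THIRD_PARTY, FROM_HEADER))
```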