Wietse Venema wrote:
The problem that you refer to is due to the mistaken belief that
DKIM signatures imply anything about rfc2822.from addresses. We
can eliminate the problem by simply taking DKIM signatures for what
they actually are: proof about the identity of the signing party,
not proof about the identity of the author. =============
If you take the real life example of Yahoo!, I believe that they
annotate the
mail when the message contains a valid first party signature (ie from
the author
domain). I'm not certain whether they annotate it if it contains only a
third party
signature, but there's a lot of reason to believe that that would be
very confusing
to their users if they did. Annotation of the third parties might
inadvertently lend
credibility not deserved. Human factors are tricky things.
Mike
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html