On Tue, 15 Jan 2008 22:54:17 -0000, Jim Fenton <fenton(_at_)cisco(_dot_)com> wrote:

> We then are left with the dilemma of what to do when there is more than
> one author. One option would be to look up the practices of all of the
> authors and combine them.

That seems like a good argument for choosing whichever of the From
addresses has the same domain as given by the signature. Essentially, "at
least one of the From addresses" should be un-suspicious. I might add that
iff the Sender was different from that one From domain the rule might be
different.
The one certain piece of information you start from is the domain that
signed it. So that is the domain you should be looking up.
--
Charles H. Lindsey ---------At Home, doing my own thing------------------------
Tel: +44 161 436 6131
Web: http://www.cs.man.ac.uk/~chl
Email: chl(_at_)clerew(_dot_)man(_dot_)ac(_dot_)uk Snail: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K.
PGP: 2C15F1A9 Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
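
The two lookup strategies discussed in this message, side by side, as an added example that is not part of the original post or of any DKIM implementation. It assumes the DKIM signature has already been verified and that domains are compared by exact match; the function names and the sample message are constructed for illustration.

```python
from email import message_from_string
from email.utils import getaddresses

# Constructed sample: two authors, one signature whose d= matches the first author.
SAMPLE = """\
From: Alice <alice@example.org>, Bob <bob@example.net>
Sender: Alice <alice@example.org>
DKIM-Signature: v=1; a=rsa-sha256; d=example.org; s=sel1;
 h=from:sender:subject; bh=PLACEHOLDER; b=PLACEHOLDER
Subject: constructed example

body
"""

def domains(msg, header):
    """Lower-cased domain of every address found in the named header."""
    addrs = getaddresses(msg.get_all(header, []))
    return [a.rpartition("@")[2].lower() for _, a in addrs if "@" in a]

def signing_domains(msg):
    """d= tag of each DKIM-Signature header (assumed already verified)."""
    out = []
    for sig in msg.get_all("DKIM-Signature", []):
        tags = dict(
            (k.strip(), v.strip())
            for k, _, v in (t.partition("=") for t in sig.split(";"))
            if k.strip()
        )
        if "d" in tags:
            out.append(tags["d"].lower())
    return out

def lookup_plan(raw):
    """Return the domains each strategy would query for signing practices."""
    msg = message_from_string(raw)
    authors = domains(msg, "From")
    signers = signing_domains(msg)
    # Reply's proposal: only the From domain that the signature vouches for.
    matched = [d for d in authors if d in signers]
    sender = domains(msg, "Sender")
    return {
        "all_authors": authors,      # quoted option: look up every author
        "signer_matched": matched,   # reply's option: start from the signer
        # Reply's caveat: Sender differing from the matched From domain.
        "sender_differs": bool(matched) and bool(sender)
                          and sender[0] not in matched,
    }
```

An empty `signer_matched` list means no From address shares the signing domain, which is the case the "at least one of the From addresses" rule would not cover.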