The debate here is whether or not it's mission-critical for SSP to use
From: in all cases or whether some other sender identity (like Sender:
header) could be used to equal effect generally or in specific cases
(like when there are multiple addresses in From).
Given that it would solve the problem described in 1525 and also bring
us closer to a consensus position perhaps this thread should discuss
what is lost through utilization of the Sender header in at least some
cases.
Arvel
Dave Crocker wrote:
Whereas SSP began as a simple idea as a means of deciding whether an
unsigned message should have been signed, it has morphed into an effort
to validate the From field. That is a very, very different goal.
While DKIM has the goal of assigning *any* identity to a message, so
that that identity can be assessed, the current work on SSP is
attempting to instead validate authorship.
For the purposes of ensuring the presence of any valid identity, using
the Sender: field is just as acceptable as From:. It also has the
appeal of being far simpler and, by the way, supporting a wider range of
legitimate usage scenarios.
Rather than deal with the problems caused by rigidly insisting on using
the author string, you seem intent on ignoring the feedback about those
problems and the remarkably simple and useful suggestion to switch to
the Sender: field.
But, then, this focus on using author information goes back to a belief
that SSP can somehow be useful directly to end-users, in spite of there
being no empirical basis for believing this and plenty of empirical
basis for knowing that it will be trivial for bad actors to bypass this
bit of "protection".
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html