On Jan 18, 2008, at 8:18 AM, Michael Thomas wrote:
Frank Ellermann wrote:
Arvel Hathcock wrote:
suppose that the Sender header were used only when the domain
found therein matched one of those in the From. Then it would
disambiguate the process allowing SSP to know precisely which of
the multiple domains involved in authorship purports to be that
which posts the message to the mail stream.
This would not help in cases where the Sender: domain is entirely
different from any found in the From: but at least it would
address the root concern found in issue 1525. That is, it could
no longer be said that SSP requires the first author to be the
poster (which is the meat of issue 1525) and this issue could
perhaps be closed?
It's a plausible idea, IMO really better than "first author".
Wannabe "mailing lists" mutilating an existing Sender have no leg
to stand on, multi-author scenarios are rare at best, and SSP
explicitly notes that it's not designed for "non-standard" mailing
lists.
What about the situation where you have multiple From addresses and
no Sender (or a sender that doesn't correspond to any of the From
addresses)? This might not be legal 2822, but spammers don't care
about that.
It should not matter which header a signature is on-behalf-of as long
the signing domain could be valid for the From email-address domain.
The i= parameter within the signature could be an opaque value and not
be associated with any header. An unrestricted signature of the From
_domain_ irrespective of the i= parameter would make the message
compliant with "all" or "strict". The MUA might be able to only
highlight the signing-domain and not a specific header. Limited
highlighting is not really different for a signature without an i=
where are multiple email-addresses within the same domain.
-Doug
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html