J.D. & Steve,
Thanks for affirming my own thoughts - we have a corner case and we just
need to handle it safely. We can't leave a gaping hole through which
all spammers can walk. I believe John L's and Arvel's proposal is
perfectly fine for this corner case, along with what Mike Thomas and I
suggested (a sentence or two in the security considerations about DNS
queries).
I've been doing this stuff not quite as long as Dave or Eric, but still
a long time, and I have *ONCE* seen a multiple From: line (I recall it
because it was recent, and it broke something!).
Eliot
Steve Atkins wrote:
On Jan 18, 2008, at 6:28 PM, J D Falk wrote:
How many people here have EVER seen a real message (not just a test to
see if it'd work) with multiple addresses in the From: header?
I know I'm still a newbie around here -- I've only been working on mail
systems since 1994 -- but I've never seen it.
Seems to me that this is one of the furthest-out edge cases yet.
Never seen it. No trace of it in any mailboxes here.
"What if spammers did it in order to compromise SSP?" is a
perfectly reasonable question.
"Multiple From: fields implies SSP fail" is a perfectly reasonable
answer.
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html