Assume that the signature is from someone you've known and trusted for
20 years, and you've never heard of the From: domain before.

Your last point is an artificial construct. Remember, the discussion is
about Sender signing vs From Signing. Is your trusted friend signing as
sender or simply appending their signature? Is this a general case? Is
it even a likely case? In what case would your friend be signing as
sender if the From domain owner has not signed and their SSP says that
they always sign their email?

Well, after a few seconds of contemplation, the obvious examples are
mailing lists like this one and courtesy forwards that replace the Sender:
or reformat the message a little, but if I thought more, I'm sure I could
come up with dozens of others.

As I pointed out above, I view your example as highly unlikely.

Yes, you made that clear. I suppose your analysis would be useful in a
world without mailing lists or forwarders, but I don't see much relevance
to this one.

R's,
John

PS:

This is the exact problem for PRA in the SIDF implementation.

Quite right. What would be the point in inventing yet another
authentication scheme that fails in all the same places that SIDF and SPF
do?
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html