On Thu, 24 Jan 2008 19:54:00 -0000, Jim Fenton <fenton(_at_)cisco(_dot_)com>
wrote:
My concern has to do with whether the SSP of the other From (author)
domains has to be considered as well. Just as the point has been made
that it's not proper to handle this case by arbitrarily picking the
first From domain, I believe that it's also not proper to use Sender for
this purpose. Given that belief, the question of whether Sender is
signed or not is moot.
The Sender header is an assertion "This is where this message _really_
came from". If Ebay does not want people to be able to say "this message
came from Ebay (even if Ebay appears nowhere in the Froms), then it ought
to be possible for Ebay to state that policy in its SSP; whether such a
policy is implied by 'strict', or by some other yet-to-be-invented tag, is
just a minor technical detail to be decided. Likewise for the Resent-*
headers.
Note that I am assuming such signatures would encompass the Sender header
(which is a SHOULD in 4871).
--
Charles H. Lindsey ---------At Home, doing my own thing------------------------
Tel: +44 161 436 6131
Web: http://www.cs.man.ac.uk/~chl
Email: chl(_at_)clerew(_dot_)man(_dot_)ac(_dot_)uk Snail: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K.
PGP: 2C15F1A9 Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html