When I pointed out that the "first from" rule enabled a trivial end
run around SSP, by using a real first address and a forged second
address that is likely to be visible in MUAs, I naively assumed that
it would be obvious to everyone that any rule other than checking all
the addresses would have the same hole, hence the fix is to check all
the From: addresses, and then move on to something else.
I for one understood the assumption you made. Misunderstanding was not
this issue in my mind. The issue is what to do about evil do'ers that
would certainly take advantage of this "MUST" - It concerns me.
But no, we got endless nattering instead. This is not a subtle point,
and I share Steve Atkins' concern that a group of people who don't
understand the way that e-mail works can't design a working protocol.
What?
Regards,
Damon Sauer
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html