
[ietf-dkim] Re: ISSUE 1525 -- Restriction to posting by first Author breaks email semantics

2008-01-31 12:40:54
MH Michael Hammer (5304) wrote:

> By what mechanism do you know that the 4 authors (from addresses)
> engaged someone from domain E?

By definition (in RFC 822).

> We currently have no way of knowing that across domains other
> than the fact that the person from domain E claims it.

Yes, but you only need somebody you wish to hold responsible, and if
E signed it you have someone.  If nobody signed it, with E's SSP
saying "strict signer", you can reject it.

It's a semantical matter, do you want to protect senders (as the
name SSP suggests) or authors (in conflict with e-mail practice).
For the typical case one From, no Sender, there's no difference. 

> What about the cases where domain E has no reputation?

Same problem as a PASS "From: A" (no B, C, D, E).
 
> There is nothing that states that sender is authorized by the
> purported authors unless it is case #2

| originator  =   authentic                   ; authenticated addr
|                 [ "Reply-To"   ":" 1#address] )
|
| authentic   =   "From"       ":"   mailbox  ; Single author
|             / ( "Sender"     ":"   mailbox  ; Actual submittor
|                 "From"       ":" 1#mailbox) ; Multiple authors
|                                             ;  or not sender

You could ask Dave what "authenticated addr" for <authentic> was
supposed to mean back in 1982 ;-)  The sender is the "submittor"
of the mail - not necessarily to SMTP, the envelope sender can
be different in e.g. UUCP -> UUCP gateway SMTP -> SMTP scenarios.

 Frank

_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
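
The RFC 822 <authentic> rule quoted in the message above, as an added Python example that is not part of the original post or of any DKIM/SSP code: it picks the mailbox the grammar treats as authentic (the Sender when present, otherwise the single From) and sets its domain beside the first author's domain. The function names, result keys and the example.* sample headers are assumptions constructed for illustration.

```python
from email import message_from_string
from email.utils import getaddresses

def _mailboxes(msg, field):
    # Collect the addr-specs from every occurrence of the header field.
    return [addr for _, addr in getaddresses(msg.get_all(field, [])) if addr]

def _domain(addr):
    # Text after the last "@", lower-cased for comparison.
    return addr.rpartition("@")[2].lower()

def originator_domains(raw):
    """Apply RFC 822 <authentic>: a single From, or a Sender plus 1#From."""
    msg = message_from_string(raw)
    authors = _mailboxes(msg, "From")
    senders = _mailboxes(msg, "Sender")
    if not authors or len(senders) > 1:
        raise ValueError("need at least one From and at most one Sender")
    if senders:
        role, authentic = "sender", senders[0]   # actual submittor
    elif len(authors) == 1:
        role, authentic = "author", authors[0]   # single author
    else:
        raise ValueError("multiple From mailboxes without a Sender")
    return {"role": role,
            "authentic_domain": _domain(authentic),
            "first_author_domain": _domain(authors[0])}

# Constructed sample headers (reserved example domains, not from the thread).
FOUR_AUTHORS = (
    "From: a@a.example, b@b.example, c@c.example, d@d.example\n"
    "Sender: e@e.example\n"
    "Subject: constructed sample\n\nbody\n")
ONE_AUTHOR = "From: a@a.example\nSubject: constructed sample\n\nbody\n"
NO_SENDER = "From: a@a.example, b@b.example\nSubject: constructed sample\n\nbody\n"

if __name__ == "__main__":
    for name, raw in [("four authors", FOUR_AUTHORS), ("one author", ONE_AUTHOR)]:
        print(name, originator_domains(raw))
```

With four authors and a Sender the two domains differ; with one From and no Sender they are the same.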
