Charles Lindsey wrote:
Agreed. If the Sender domain was already one of the From domains, there
is no need to consider it further.
But suppose that there were 4 From addresses, from domains which
published no SSP. But for some reason the 4 authors had engaged someone
from domain E to Send it for them. Suppose E publishes a strict SSP.
Then they are going to sign it on the way out, and so it is a 1st party
signature.
Charles, unless I missed your points, don't you see the conflicts in this
scenario? The lack of protocol consistency?
I just have a hard time believing that an organization (DOMAIN E), small
or large, which is going to invest time, money and energy in implementing
DKIM/SSP and go through what will most likely be an extensive
company review process and due diligence of its domain properties and
usage by employees, would decide it wants to use a DKIM=STRICT policy
accompanied by a new company-wide stated mandate for all employees, and
then turn around and go against its own new company mandate to use the
domain in ways that a) are against the current SSP guidelines and b) are
100% exploitable.
I just don't get it.
I am not suggesting that the scenario is not possible, but that in this
case DOMAIN E will not volunteer or agree to do this on behalf of the
other four domains, simply because it can't, not in this mode of
operation, without violating the SSP specifications and continuing to
subject its domain to unprotected exploitation.
If domain E wanted to offer such a service, it would do so using a less
restrictive domain, probably using 3rd party signatures that would be
handled in the same "legacy" normal ways of less protection and mostly
tied to some reputation system that only a few receivers will be able to
handle.
--
Sincerely
Hector Santos, CTO
http://www.santronics.com
http://santronics.blogspot.com
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
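A small model of the policy evaluation the two posts above are arguing about, added here as an illustration; it is not code from this thread, from the SSP drafts, or from any DKIM implementation. It assumes a deliberately simplified SSP: a domain either publishes a "strict" practice (all of its mail carries its own signature) or publishes nothing; the verifier consults the From domains and adds the Sender domain only when it is not already one of them, as Charles's first sentence describes; and whether the Sender domain counts as an author is left as a switch, because that is exactly the reading the two posts disagree on. The domain names and the policy table are constructed.

```python
"""Simplified SSP evaluation for a multi-author message (added example, not
code from the thread or from any DKIM/SSP implementation)."""
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass
class Message:
    from_domains: List[str]       # one domain per From address
    sender_domain: Optional[str]  # domain of the Sender header, if any
    signer_domains: List[str]     # d= values of the valid DKIM signatures


def policy_domains(msg: Message) -> List[str]:
    """Domains whose published practice a verifier would consult.

    Assumption: From domains first, then the Sender domain only when it is
    not already one of the From domains ("no need to consider it further").
    """
    domains = list(dict.fromkeys(msg.from_domains))  # dedupe, keep order
    if msg.sender_domain and msg.sender_domain not in domains:
        domains.append(msg.sender_domain)
    return domains


def classify_signature(msg: Message, signer: str, sender_is_author: bool) -> str:
    """Label a signature 'first-party' or 'third-party'.

    With sender_is_author=True the Sender domain is treated as an author
    (Charles's reading, under which E's signature is 1st party); with False
    only the From domains are authors (under which the same signature is a
    3rd party signature for the four From domains).
    """
    authors = set(msg.from_domains)
    if sender_is_author and msg.sender_domain:
        authors.add(msg.sender_domain)
    return "first-party" if signer in authors else "third-party"


def evaluate(msg: Message, ssp: Dict[str, str]) -> Dict[str, str]:
    """Per-domain verdict for every policy domain.

    'pass'      -> domain publishes strict and its own signature is present
    'fail'      -> domain publishes strict but did not sign the message
    'no-policy' -> domain publishes no practice, so nothing is enforced
    """
    verdicts = {}
    for domain in policy_domains(msg):
        practice = ssp.get(domain, "unknown")  # "unknown" = no record published
        if practice != "strict":
            verdicts[domain] = "no-policy"
        elif domain in msg.signer_domains:
            verdicts[domain] = "pass"
        else:
            verdicts[domain] = "fail"
    return verdicts


def thread_scenario() -> Message:
    """The case from the thread: four From domains with no SSP, Sender from
    domain E (strict SSP), and E signs on the way out. Domains constructed."""
    return Message(
        from_domains=["a.example", "b.example", "c.example", "d.example"],
        sender_domain="e.example",
        signer_domains=["e.example"],
    )


# Constructed policy table: only E publishes a practice, and it is strict.
SSP_TABLE = {"e.example": "strict"}

if __name__ == "__main__":
    msg = thread_scenario()
    print("policy domains:", policy_domains(msg))
    print("verdicts:", evaluate(msg, SSP_TABLE))
    for reading in (True, False):
        print("sender_is_author=%s ->" % reading,
              classify_signature(msg, "e.example", reading))
```

Running it shows the inconsistency Hector is pointing at: E's strict practice is satisfied by E's own signature, the four From domains have nothing to enforce, and the very same signature is "first-party" or "third-party" depending only on whether the verifier treats the Sender domain as an author.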