John Levine wrote:
Ah, but that begs the question.
What I was asking a few messages back is why anyone who's actually
involved in running e-mail would care whether someone forged
beans.rice.a.foo.com.
I understand why someone in the legal department would want maximum
blanket everything, regardless of cost or feasibility, because that's
what they always want. But do you know anyone who would treat mail
purporting to be from beans.rice.a.bigbank.com as being from
bigbank.com? I don't.
This seems to be an empirical question, where "I don't" may not
provide much useful information.
Assume, say, one million people who regularly receive valid emails
from their bank (info(_at_)accounts(_dot_)bigbank(_dot_)com). If they received
an email
from info(_at_)mail(_dot_)account(_dot_)bigbank(_dot_)com, how many of them
would believe the
email is really from the bank?
I have no idea what the answer would be, but I'm pretty sure it's not
zero or one million. If it's sufficiently large (for some definition
of "sufficient"), I can see that people outside the legal department
would also care.
Best regards,
Pasi
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html