On Feb 20, 2009, at 1:58 PM, Franck Martin wrote:
but it can come from @example.com signed by @test.com
This could be described a third-party signature, where test.com should
not be considered authoritative for example.com, just as
ads.example.com should not be. While test.com may allow acceptance of
example.com's email, its signature should not directly assure
recipients that use of the example.com domain is not being spoofed.
Socially engineered attacks can easily acquire a signature from an
otherwise reputable domain.
-Doug
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html