ietf-dkim

Re: [ietf-dkim] Why mailing lists should strip DKIM signatures

2010-04-28 13:55:42
On Wed, Apr 28, 2010 at 3:09 AM, Alessandro Vesely <vesely(_at_)tana(_dot_)it> wrote:
On 27/Apr/10 22:38, Jeff Macdonald wrote:
   The From header field MUST be signed (that is, included in the "h="
   tag of the resulting DKIM-Signature header field).
   http://tools.ietf.org/html/rfc4871#section-5.4

 (see also http://tools.ietf.org/html/rfc4686#section-4.1.15)

Ah, I thought you were implying that the From domain had to match the d=
part. I see that you are not.

It does not /have to/. However, if it does, recipients get the best
assurance DKIM can deliver. Otherwise, unless they have configured
their trust assessment engines appropriately, the relevant signature
cannot be used by the recipients.

I think this has been covered before. And maybe I misunderstood you
again, but just to be sure:

From: <someone(_at_)i-trust(_dot_)com>
DKIM-Signature: ... d=phisher-i-dont.com;

Say the signature validates. I'm pretty sure DKIM does not have any
assurances about the validity of the message contents, and that would
include the From header. It just validates that it came from the
signer.



-- 
Jeff Macdonald
Ayer, MA

_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html
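
The case discussed in the message above, as an added example that is not part of the original thread: a receiver-side check that reports, for each DKIM-Signature, whether From is listed in h= and whether d= equals the From domain. The selector, algorithm, placeholder bh=/b= values, function names and the "author-domain"/"third-party" labels are assumptions made for the example; the signature is assumed to have been verified already by a DKIM verifier.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample built from the two header lines quoted in the post.
# bh=/b= are placeholders: signature verification is assumed to have been
# done already by a DKIM verifier and is not attempted here.
SAMPLE = (
    "From: <someone@i-trust.com>\n"
    "DKIM-Signature: v=1; a=rsa-sha256; d=phisher-i-dont.com; s=sel;\n"
    " h=from:to:subject; bh=PLACEHOLDER; b=PLACEHOLDER\n"
    "Subject: hello\n"
    "\n"
    "body\n"
)


def parse_tags(value):
    """Split a DKIM-Signature header value into its tag=value pairs."""
    tags = {}
    for part in value.split(";"):
        name, sep, val = part.partition("=")
        if sep:
            tags[name.strip()] = "".join(val.split())  # drop folding whitespace
    return tags


def classify(raw_message):
    """Return (from_domain, [(d, from_signed, relation), ...])."""
    msg = message_from_string(raw_message)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    results = []
    for sig in msg.get_all("DKIM-Signature", []):
        tags = parse_tags(sig)
        d = tags.get("d", "").lower()
        # RFC 4871 section 5.4: From must be listed in h=
        from_signed = "from" in tags.get("h", "").lower().split(":")
        # "author-domain" / "third-party" are labels chosen for this example
        relation = "author-domain" if d and d == from_domain else "third-party"
        results.append((d, from_signed, relation))
    return from_domain, results


if __name__ == "__main__":
    domain, sigs = classify(SAMPLE)
    for d, from_signed, relation in sigs:
        print(f"From domain={domain} d={d} from_signed={from_signed} -> {relation}")
```

A "third-party" result with a valid signature means only that the d= domain takes responsibility for the message; a trust decision about the From address has to come from the receiver's own reputation or policy data for that signer.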
