Why isn't a signed 822.From sufficiently accurate sender information
from a provider who cares?
The "who cares" bit is a reputation system, you know.
I also suspect that my signing model is fairly typical of small
providers. I sign everything, and make no effort to validate stuff on
the From: line. In the unlikely event that one user engages in
hostile spoofing of another, there's enough stuff in the Received:
headers and logs to figure it out.
R's,
John
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html