John Levine wrote:
Why isn't a signed 822.From sufficiently accurate sender information
from a provider who cares?
The "who cares" bit is a reputation system, you know.
I also suspect that my signing model is fairly typical of small
providers. I sign everything, and make no effort to validate stuff on
the From: line. In the unlikely event that one user engages in
hostile spoofing of another, there's enough stuff in the Received:
headers and logs to figure it out.

I don't see how because that would represent the anonymous unknown
world. However, what is shown is your 5322.From domain if you simply
exposed a DKIM=ALL (or DISCARDABLE if it applies) policy for your
IECC.COM domain or any other you are hosting, then all ADSP RECEIVERS
would be able to protect your DOMAIN reputation from abuse. You won't
be responsible for any harm done and, furthermore, the resigner would
not assume any erroneous responsibility.
All the eyes dotted, tees crossed - common sense protocol consistency
within WG documents. You can't develop a consistent protocol with
unknown methods and solutions only privy to MTAs outside this group.
--
Hector Santos, CTO
http://www.santronics.com
http://santronics.blogspot.com