ietf-mailsig

Re: SSP - when to perform

2005-07-28 11:34:33


----- Original Message -----
From: "Earl Hood" <earl(_at_)earlhood(_dot_)com>

Good start, but since you state MUST and REQUIRED before the list,
no need to restate them again.  How about:

  A Sender Signing Policy Check based upon the Originator Address
  MUST be performed on a message if one of the following conditions
  is met:

  a) Message is unsigned.
  b) Message is signed but fails signature verification.
  b[C]) Message contains a valid signature where the signing entity
     domain is not the same as, or a parent of, the domain of the
     Originator Address.

I believe the last one (C) might need adjustment:

  C) Message contains a valid signature where the signing entity
     domain is not the same as, or a parent of, the domain of the
     Originator Address and there does not exist a second signature
     that reflects the original address domain

  D) Second signature exists for the Originator address.

The last one is needed because it might indicate that additional signing was
not expected (3rd party).

--
Hector Santos, Santronics Software, Inc.
http://www.santronics.com
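
The conditions proposed in the message above, written out as a decision function. This is an added example, not part of the original message or of any SSP draft. The names `Signature`, `covers` and `ssp_conditions` are hypothetical, and the readings of (b) as "signed, but no signature verifies" and of (D) as "a valid Originator-domain signature accompanied by a valid third-party signature" are assumptions.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Signature:
    signer_domain: str  # domain of the signing entity
    verified: bool      # outcome of signature verification


def covers(signer: str, originator: str) -> bool:
    """True if signer is the same as, or a parent of, the originator domain.

    The comparison is made on label boundaries, so "example.com" covers
    "mail.example.com" but not "badexample.com".
    """
    s = signer.lower().rstrip(".")
    o = originator.lower().rstrip(".")
    return bool(s) and (o == s or o.endswith("." + s))


def ssp_conditions(originator_domain: str, signatures: list[Signature]) -> set[str]:
    """Return the labels of the conditions that are met.

    A non-empty result means the Sender Signing Policy check MUST be performed.
    """
    if not signatures:
        return {"a"}                      # a) message is unsigned
    valid = [s for s in signatures if s.verified]
    if not valid:
        return {"b"}                      # b) signed, nothing verifies (assumed reading)
    first_party = [s for s in valid if covers(s.signer_domain, originator_domain)]
    third_party = [s for s in valid if not covers(s.signer_domain, originator_domain)]
    met = set()
    if third_party and not first_party:
        met.add("C")                      # C) only third-party signatures are valid
    if third_party and first_party:
        met.add("D")                      # D) extra signer beside the originator's (assumed reading)
    return met


if __name__ == "__main__":
    # Constructed sample: originator-domain signature plus a list signature.
    sample = [Signature("example.com", True), Signature("list.example.net", True)]
    print(ssp_conditions("mail.example.com", sample))
```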
