On 02/28/2012 01:11 AM, ned+ietf-smtp(_at_)mrochek(_dot_)com wrote:
And as Randy points
out, a lot of legitimate uses of it run afoul of incompetently designed
security restrictions.
As it happens I was involved in implementing exactly this restriction once.
The chain of logic was like this: 1. We want to sign using DKIM. 2. For
that we need to make sure each outgoing From address is something the
domain owner is happy to sign for. 3. We'll restrict From and the smtp
sender addresses to ones explictly connected to the SASL/Submit user.
The DKIM design isn't incompetent, none of steps 1-3 seem obviously
incompetent. Tell me what I overlooked?
Arnt