> DKIM either needs stronger binding semantics, or > it needs to limit when signing can be done. I think DKIM deals with this correctly right now. Binding to the RFC2822.From header is not required BUT when it's missing an SSP check is performed to discover and enforce the wishes of the domain owner. -- Arvel