[ietf-dkim] SSP security relies upon the visual domain appearance
dotis at mail-abuse.org
Fri Nov 18 00:15:26 PST 2005

On Thu, 2005-11-17 at 21:28 -0500, Bill.Oxley at cox.com wrote:
> If the hash validates to the signing domain and first sender, why is
> it necessary that the two domains be the same?

It would be a matter of policy that limits this freedom. Only the '!'
policy offers protection at the email-address by a mandate that the From
email-address domain be within the signing-domain.

With reputation schemes already in place to accrue reputation at the
email-address when associated with any form of authorization, the only
practical strategy would be to assert an '!' policy to assure the
acceptability of your messages. Policy records direct complaints to the
email-address-domain rather than the signing-domain. Who do you think
is considered accountable?