[ietf-dkim] Collection of use cases for SSP requirements
Steve Atkins
steve at blighty.com
Wed Nov 15 11:43:11 PST 2006
On Nov 15, 2006, at 11:33 AM, John Glube wrote:
>
> * When writing the SSP, the working group takes into
> account that there is a group of senders (who mail on
> behalf of others) that follow recommended practices by
> publishing a sender header, who would like to sign the
> sender header, have this signature verified and want to
> protect the domain in the sender header from phishing and
> forgery attacks.
Is the content of the Sender header commonly used
by the end-user, or even visible to them?
If not, how is it directly relevant to "phishing and forgery
attacks"?
(I'm not arguing that having a Sender header that points
at the sender is anything other than a good thing, or even
that having some Sender-specific foo in some hypothetical
SSP spec would be a bad thing, just the line of reasoning.
I think you're skipping over some details that are important
to bring up explicitly.).
Cheers,
Steve
More information about the ietf-dkim
mailing list