chl at clerew.man.ac.uk
Fri Jan 25 07:37:36 PST 2008
On Thu, 24 Jan 2008 19:54:00 -0000, Jim Fenton <fenton at cisco.com> wrote:
> My concern has to do with whether the SSP of the other From (author)
> domains has to be considered as well. Just as the point has been made
> that it's not proper to handle this case by arbitrarily picking the
> first From domain, I believe that it's also not proper to use Sender for
> this purpose. Given that belief, the question of whether Sender is
> signed or not is moot.
The Sender header is an assertion "This is where this message _really_
came from". If Ebay does not want people to be able to say "this message
came from Ebay (even if Ebay appears nowhere in the Froms), then it ought
to be possible for Ebay to state that policy in its SSP; whether such a
policy is implied by 'strict', or by some other yet-to-be-invented tag, is
just a minor technical detail to be decided. Likewise for the Resent-*
Note that I am assuming such signatures would encompass the Sender header
(which is a SHOULD in 4871).
Charles H. Lindsey ---------At Home, doing my own thing------------------------
Tel: +44 161 436 6131
Email: chl at clerew.man.ac.uk Snail: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K.
PGP: 2C15F1A9 Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5
More information about the ietf-dkim