[ietf-dkim] list vs contributor signatures, was Wrong Discussion
dhc at dcrocker.net
Mon May 10 12:00:23 PDT 2010
On 5/7/2010 10:07 AM, John R. Levine wrote:
> No, all it says is "we signed this mail." A signer with a good reputation
> will presumably rarely sign mail where the From: address actively
> misidentifies the sender, but that's a second order effect.
"misidentifies" covers quite a lot.
If I send mail from bbiw.net (well, actually, sbh17.songbird.com is my standard
MSA) but label the From: field as being gmail.com, that's reasonable to classify
as "misidentifying" the From: address, since songbird has nothing to do with gmail.
Operator-based signing is typically meaning that the message was posted by an
authorized user. There's absolutely no implication that the operator checked or
enforced the contents of the From: field.
So, the "second order" effect you cite is probably much more indirect than that
(third, fourth or fifth-order effect) and much narrower (abusive mislabeling, or
More information about the ietf-dkim