MH Michael Hammer (5304) wrote: > By what mechanism do you know that the 4 authors (from addresses) > engaged someone from domain E?
By definition (in RFC 822). > We currently have no way of knowing that across domains other > than the fact that the person from domain E claims it. Yes, but you only somebody you wish to hold responsible, and if E signed it you have someone. If nobody signed it, with E's SSP saying "strict signer", you can reject it. It's a semantical matter, do you want to protect senders (as the name SSP suggests) or authors (in conflict with e-mail practice). For the typical case one From, no Sender, there's no difference. > What about the cases where domain E has no reputation? Same problem as a PASS "From: A" (no B, C, D, E). > There is nothing that states that sender is authorized by the > purported authors unless it is case #2 | originator = authentic ; authenticated addr | [ "Reply-To" ":" 1#address] ) | | authentic = "From" ":" mailbox ; Single author | / ( "Sender" ":" mailbox ; Actual submittor | "From" ":" 1#mailbox) ; Multiple authors | ; or not sender You could ask Dave what "authenticated addr" for <authentic> was supposed to mean back in 1982 ;-) The sender is the "submittor" of the mail - not necessarily to SMTP, the envelope sender can be different in e.g. UUCP -> UUCP gateway SMTP -> SMTP scenarios. Frank _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
