>> Including the From: field in the DKIM hash does *not* carry the semantic
>> that it has valid content!!!!!
>
>As I said .. in certain cases.

No, in no cases.  None whatsoever.  All a signed From: field tells you
is that it had the same content when it was signed as when you checked
the signature.

You may well have opinions about the utility of a particular signer's
signature, and you might have an external reputation system that says
"foo.com only signs From: headers that they believe" but that is
external to DKIM.  If a mail manager as sophisticated as you has
trouble understanding the layering of DKIM, we're going to have
horrible problems explaining it to the masses.

> The other alternative being some other field (such as a received
>header with smtp authentication data) that does get signed.

If you want a signature that identifies the individual user, there's
S/MIME and PGP.

It's clear that it might be useful to have add-ons to DKIM that
provide more complex semantics, and "signer validates From: address"
would be a reasonable one, but as it stands, the only common semantics
among DKIM signatures is "I signed this message".

R's,
John
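The layering point above, as an added example that is not part of the original message: a toy DKIM-style signer over an h=from:subject header list using RFC 6376 relaxed header canonicalization, with an HMAC over a constructed key standing in for the RSA-SHA256 signature and the DNS-published public key. Verification succeeds for whatever From: content the signer chose and fails only when that content changes; nothing in the check says the address is "valid".

```python
import hashlib
import hmac
import re

# Constructed stand-in for the signer's key. Real DKIM uses an RSA (or Ed25519)
# private key and publishes the public key in DNS; the HMAC only keeps this
# example self-contained and runnable offline.
SIGNER_KEY = b"constructed-example-signer-key"


def canonicalize_header(name: str, value: str) -> str:
    """RFC 6376 'relaxed' header canonicalization: lowercase the field name,
    unfold continuation lines, collapse whitespace runs, strip the ends."""
    value = re.sub(r"\s+", " ", value.replace("\r\n", "")).strip()
    return f"{name.lower()}:{value}\r\n"


def signed_header_hash(headers: dict, h: list[str]) -> bytes:
    """Hash exactly the fields named in h=, in that order, as a verifier would."""
    data = "".join(canonicalize_header(n, headers[n]) for n in h)
    return hashlib.sha256(data.encode()).digest()


def sign(headers: dict, h: list[str]) -> bytes:
    # Stand-in for the RSA signature over the canonicalized header hash.
    return hmac.new(SIGNER_KEY, signed_header_hash(headers, h), hashlib.sha256).digest()


def verify(headers: dict, h: list[str], sig: bytes) -> bool:
    # The verifier recomputes the hash from the message it received; the
    # signature binds content, not any claim about who is allowed to use it.
    return hmac.compare_digest(sign(headers, h), sig)


def demo() -> tuple[bool, bool]:
    # Constructed message: the signer put an arbitrary address in From:.
    headers = {"from": "Anyone <anyone@example.com>", "subject": "DKIM semantics"}
    h = ["from", "subject"]
    sig = sign(headers, h)
    unchanged = verify(headers, h, sig)  # True: same content as when signed
    altered = dict(headers, **{"from": "Someone Else <else@example.com>"})
    tampered = verify(altered, h, sig)  # False: From: differs from what was signed
    return unchanged, tampered


if __name__ == "__main__":
    print(demo())
```

Whether the signer should have vouched for that From: address is the reputation question the message describes as external to DKIM; this code has no place to even ask it.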
_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html