Any way to tell someone its signature is used in third party signing? ----- Original Message ----- From: "Douglas Otis" <do...@mail-abuse.org> To: "Franck Martin" <fra...@genius.com> Cc: ietf-dkim@mipassoc.org, "Hector Santos" <hsan...@santronics.com> Sent: Saturday, 21 February, 2009 10:20:39 AM (GMT+1200) Auto-Detected Subject: Re: [ietf-dkim] NO DKIM "POLICY"
On Feb 20, 2009, at 1:58 PM, Franck Martin wrote: but it can come from @example.com signed by @test.com This could be described a third-party signature, where test.com should not be considered authoritative for example.com, just as ads.example.com should not be. While test.com may allow acceptance of example.com's email, its signature should not directly assure recipients that use of the example.com domain is not being spoofed. Socially engineered attacks can easily acquire a signature from an otherwise reputable domain. -Doug
_______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html