On Wed, Apr 28, 2010 at 3:09 AM, Alessandro Vesely <ves...@tana.it> wrote: > On 27/Apr/10 22:38, Jeff Macdonald wrote: >>> The From header field MUST be signed (that is, included in the "h=" >>> tag of the resulting DKIM-Signature header field). >>> http://tools.ietf.org/html/rfc4871#section-5.4 >>> >>> (see also http://tools.ietf.org/html/rfc4686#section-4.1.15) >> >> ah, I thought you were implying that the From domain had to match d= >> part. I see that you are not. > > It does not /have to/. However, if it does, recipients get the best > assurance dkim can deliver. Otherwise, unless they have configured > their trust assessments engines appropriately, the relevant signature > cannot be used by the recipients.
I think this has been covered before. And maybe I misunderstood you again, but just to be sure: From: <some...@i-trust.com> DKIM-Signature: ... d=phisher-i-dont.com; Say the signature validates. I'm pretty sure DKIM does not have any assurances about the validity of the message contents, and that would include the From header. It just validates that it came from the signer. -- Jeff Macdonald Ayer, MA _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
