John Levine wrote: >> Why isn't a signed 822.From sufficiently accurate sender information >>from a provider who cares? > > The "who cares" bit is a reputation system, you know. > > I also suspect that my signing model is fairly typical of small > providers. I sign everything, and make no effort to validate stuff on > the From: line. In the unlikely event that one user engages in > hostile spoofing of another, there's enough stuff in the Received: > headers and logs to figure it out.
I don't see how because that would represent the anonymous unknown world. However, what is shown is your 5322.From domain if you simply exposed a DKIM=ALL (or DISCARDABLE if it applies) policy for your IECC.COM domain or any other you are hosting, then all ADSP RECEIVERS would be able to protect your DOMAIN reputation from abuse. You won't be responsible for any harm done and further more, the resigner would not assume any erroneous responsibility. All the eyes dotted, tees crossed - common sense protocol consistency within WG documents. You can't development a consistent protocol with unknown methods and solutions only privy to MTAs outside this group. -- Hector Santos, CTO http://www.santronics.com http://santronics.blogspot.com _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html