Douglas Otis wrote:
> On 5/3/11 4:25 PM, Murray S. Kucherawy wrote:
>> I might even go so far as to say returning that From: field is 
>> dangerous since it is not confirmed by anything, so DKIM (which 
>> is an authentication protocol) returning data that can't be 
>> validated, even if it was signed, is quite possibly asking for trouble.

> This is a remarkable statement.  DKIM's verification of the signing 
> domain provides a basis upon which contents of the message may be 
> trusted.  That trust most certainly includes the important From header 
> field.  In fact, only the From header field MUST be included in the DKIM 
> signature.  As such, clearly defining what constitutes the From header 
> field IS important.

+1

Maybe Murray's point was that, depending on the software's up, down, sideways 
reading, it would be possible for the wrong ODID to be extracted.

But before that can happen, the signature would be invalid (Invalid 
RFC5322, Multi-From found).

Therefore, only one ODID header will be output.

-- 
Hector Santos, CTO
http://www.santronics.com
http://santronics.blogspot.com
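An added example of the header-selection rule this subthread is arguing about; it is not code from the thread or from any DKIM implementation. It implements the h= selection of RFC 6376 section 5.4.2 (for each name in h=, the verifier takes the last not-yet-used instance counting from the bottom of the header block, and a name with no remaining instance contributes a null entry) together with the single-From requirement of RFC 5322 section 3.6 as a verifier pre-check. The message, the attacker address and the signature placeholder values are constructed for the example.

```python
"""Added example, not from the original thread: RFC 6376 5.4.2 header
selection plus an RFC 5322 single-From pre-check on a constructed message."""
from typing import List, Optional, Tuple

Header = Tuple[str, str]

# Constructed sample message. The bh= and b= values are placeholders, not a
# real signature; only the header-selection logic matters here.
ORIGINAL_MESSAGE = (
    "DKIM-Signature: v=1; a=rsa-sha256; d=example.com; s=sel;\r\n"
    " h=from:to:subject; bh=...; b=...\r\n"
    "From: Alice <alice@example.com>\r\n"
    "To: bob@example.net\r\n"
    "Subject: Hello\r\n"
    "\r\n"
    "body\r\n"
)

# A second From field prepended after signing (constructed attacker address).
FORGED_MESSAGE = "From: Mallory <mallory@attacker.invalid>\r\n" + ORIGINAL_MESSAGE


def parse_headers(raw: str) -> List[Header]:
    """Split the header block into (name, value) pairs, keeping message order
    and re-attaching folded continuation lines to the preceding field."""
    head = raw.split("\r\n\r\n", 1)[0]
    headers: List[Header] = []
    for line in head.split("\r\n"):
        if line[:1] in (" ", "\t") and headers:
            name, value = headers[-1]
            headers[-1] = (name, value + "\r\n" + line)
        else:
            name, _, value = line.partition(":")
            headers.append((name, value.strip()))
    return headers


def select_signed_headers(headers: List[Header], h_tag: str) -> List[Optional[str]]:
    """RFC 6376 section 5.4.2: walk the h= list; for each name take the last
    instance not already consumed, searching from the bottom of the header
    block upward. A name with no instance left yields None (the null entry
    that lets a signer 'over-sign' a field by listing it twice)."""
    used = [False] * len(headers)
    selected: List[Optional[str]] = []
    for name in h_tag.split(":"):
        name = name.strip().lower()
        found: Optional[str] = None
        for i in range(len(headers) - 1, -1, -1):
            if not used[i] and headers[i][0].lower() == name:
                used[i] = True
                found = headers[i][1]
                break
        selected.append(found)
    return selected


def count_from(headers: List[Header]) -> int:
    return sum(1 for name, _ in headers if name.lower() == "from")


def precheck_rfc5322(headers: List[Header]) -> Optional[str]:
    """Verifier pre-check: RFC 5322 section 3.6 allows exactly one From field.
    Returns a rejection reason, or None when the message passes."""
    n = count_from(headers)
    if n == 0:
        return "Missing From"
    if n > 1:
        return "Multi-From found"
    return None


def signed_view(raw: str, h_tag: str) -> List[Optional[str]]:
    """Convenience: the header values a verifier would hash for this h= list."""
    return select_signed_headers(parse_headers(raw), h_tag)


if __name__ == "__main__":
    for label, msg in (("original", ORIGINAL_MESSAGE), ("forged", FORGED_MESSAGE)):
        hdrs = parse_headers(msg)
        print(label, "pre-check:", precheck_rfc5322(hdrs))
        print("  h=from:to:subject      ->", select_signed_headers(hdrs, "from:to:subject"))
        print("  h=from:from:to:subject ->", select_signed_headers(hdrs, "from:from:to:subject"))
```

With h=from listed once, the selected view is identical before and after the prepended From, because the bottom-up rule still picks the original field; what rejects the forged message is either the RFC 5322 pre-check or listing from twice in h= so that the second, formerly null, slot is now filled. Which of those a given verifier applies, and in which order, is the software-dependence the message above refers to.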


_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html
