Douglas Otis wrote:
Agreed. However, when a domain attempts to assert control over the From header field using DKIM and ADSP, they must "pretend" to authenticate an email-address within the From header field.
I don't think we're talking about any such assertions here. We're only interested in protecting an Authentication-Results: header added by a border MTA on inbound mail. Seems like ADSP and even From: are somewhat irrelevant to this discussion.
