Michael Thomas wrote:
> 
> I think we'd do better to just not conflate both of these 
> things. There are signers that are willing to assert "this 
> passed through me, for whatever that's worth", and "this 
> passed through me, and I have a relationship with one or more 
> of the outside addresses visible". The first is, essentially, 
> a signed received header. The second provides the originating 
> domain a way to provide some amount of comfort to the 
> receiver that it's that domain sending the mail rather than 
> some random forger. They solve two different problems, IMO, 
> and a domain may well be willing to provide the first, but 
> not the second.
> 

Is the first scenario one that DKIM is intended to support?

My understanding is that a signing party is vouching for the message.  This
means that it is providing an assurance that the message contents, including
originating address fields, are authorised.  If the signing party is
unwilling or unable to provide this assurance, then they should not apply a
signature.  The receiving party can place a value on this assurance
depending on a variety of factors (relationship to originating address,
reputation, etc).

--
James


_______________________________________________
ietf-dkim mailing list
<http://dkim.org>
