Some email service providers support the ability for their users to specify an alternate From address from the address supplied by the provider. I know Yahoo supports this for Mail Plus users and Gmail now supports it also.
The problem is the email service provider may not be able to DKIM sign messages sent out by such users since the domain in the rfc2822.From does not match the sending domain. Gmail does the following when using an alternate From: From: [EMAIL PROTECTED] Sender: [EMAIL PROTECTED] Now, if Gmail is able to bind a DKIM signature to Sender, then it does not have worry about the SSP policy of example.com. If it cannot, Gmail is discouraged to sign such messages since signing them may reduce the chance the message gets delivered. If example.com has an exclusive always-sign, non-3rd-party signing policy, then the above user cannot do something like the above since any DKIM verifier will fail such messages, regardless of Gmail's signing policies. --ewh _______________________________________________ ietf-dkim mailing list http://dkim.org
