On Thu, 2005-11-17 at 21:28 -0500, [EMAIL PROTECTED] wrote: > If the hash validates to the signing domain and first sender, why is > it necessary that the two domains be the same?
It would be a matter of policy that limits this freedom. Only the '!' policy offers protection at the email-address by a mandate that the From email-address domain be within the signing-domain. With reputation schemes already in place to accrue reputation at the email-address when associated with any form of authorization, the only practical strategy would be to assert an '!' policy to assure the acceptability of your messages. Policy records direct complaints to the email-address-domain rather than the signing-domain. Who do you think is considered accountable? -Doug _______________________________________________ ietf-dkim mailing list http://dkim.org
