> How does a receiver know the difference between a "mailer" and a > "random third party"?
It doesn't, and it doesn't care. It looks up the signing domain in its handy local list of signers worth paying attention to. Maybe at some future time there will also be external sources of worthy signers, but that's way outside the scope of any discussion here. > How do I, as a receiver, determine "who is supposed to be signing > the message"? You certainly can't tell by examining the message. If, say, I get a message from Alexey Panov, even if it has a DKIM signature that perfectly matches the From:. Sender:, SSP, and everything else, I still don't want it. And I doubt anyone else does, either. This was one of the few useful lessons people should have learned from SPF. R's, John _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
