> Eric Allman wrote: > > Folks OK with that? -1
If a verifier has a verified email with a d= what is the fundamental value-add on insisting that From: is a signed header? After all, a minimalist verifier is going to query some database to ask the question: Do I like d=? Will that query be influenced by a From: header? I'd think not. A minimalist verifier could care less. All they want to know is, who is the responsible domain and how much do I like them? It still seems to me that enforcing a From: is a vestigial attempt to protect MUAs. But I thought we had decided that we weren't in the business of solving that problem? Is that true? If we are truly out of the business of protecting MUAs, then I see no rationale for enforcing From: signing. If we are in the business of protecting MUAs then we need to re-visit that whole can of worms around Sender: and Resent: and all those other potential MUA originators and triggers. Mark. _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
