On Thu, 27 Jul 2006 16:50:17 -0700 Jon Callas <[EMAIL PROTECTED]> wrote: >On 27 Jul 2006, at 4:01 PM, Scott Kitterman wrote: > >> To clarify, by me, I meant my domain. The problem is that in this >> type of >> scenario, there is no way to externally distinguish between mail >> actually >> sent by the vanity domain owner and mail sent by another customer of >> isp.example.com >> > >I would phrase it as a "situation" or "issue" rather than a "problem." > >However, it's not strictly true. Example.com is supposed to be >signing the "From" header field. (Section 5.4: "The From header field >MUST be signed....") If the From line from your domain is different >from the other customers, then it can be distinguished. > Yes and what is another customer of the ISP submits mail using my From. in virtually all cases today there is nothing to prevent that.
>>>> This is really an internal ISP operational problem (they need to >>>> sort out who >>>> is allowed to use what identities on their servers), but the >>>> protocol and >>>> associated guidance need to make that clear. >>> >>> How is it not clear now? >>> >> I'm not sure yet. At this point we're just talking about >> requirements and if >> this type of requirement is covered through policy or not. > >I think it's covered in the *syntax*. > As long as the proper controls are in place at the ISP and the policy protocol allows me to express which domain(s) are authorized to sign for my domain. Scott K _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
