Michael Thomas wrote: > John L wrote: >> I still don't understand the scenario. Let's call the domain isp.com. >> Is it: >> >> A) No mail has an isp.com From: address, but mail with other From: >> addresses may have an isp.com signature. > > > Consider what I believe Y! does in their MUA: if it's got a valid > signature from isp.com > with a From: [EMAIL PROTECTED], it doesn't get a nice little message > saying that Y! > believe it came from customer.com. Thus the outsourced mail will not > be treated on > a par with mail signed on behalf of the domain. > > That's something. But suppose example.com is not a customer of isp.com but yet a message from example.com has a valid signature from isp.com. Are you saying that Y! should say that it believes it came from example.com, based on the assertion by isp.com that it only signs third-party messages?
Maybe I have trimmed off too much context here, I thought we were discussing the value of an "I only sign third-party messages". I'm with John; I don't see how that provides any useful information to the verifier. -Jim _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
