Mark Delany wrote: >> How do you then decide which policies to check? Does this mean that you >> need to check every address corresponding to a From, Sender, >> Resent-from, Resent-sender, 2821 envelope-from, and List-id, ... > Right. The "Which I" problem.
Indeed. I suspect the challenge, here, is to decide which *few*, real threats are serious enough to warrant a solution. By contrast, an exhaustive exercise to think of every possible scenario that we might feel like covering seems like a good way to a) reduce the overall relevance of the work, and b) make the mechanism big enough and complex enough to be difficult to implement properly. d/ -- Dave Crocker Brandenburg InternetWorking bbiw.net _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
