Dave Crocker wrote:
> Alas, it was pointed out to me that SSP does indeed have a requirement for a
> lookup even when the message is signed. This is when there is so-called
> third-party signing. (I believe this means when the domain in the
> rfc2822.From
> does not make the DKIM d= domain.)
I would at a minimum include rfc2822.Sender in this check: third part
signing is when the DKIM d= domain is not equal to either the
rfc2822.From's domain nor the rfc2822.Sender's domain.
Tony Hansen
[EMAIL PROTECTED]
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
