>I think this is the key issue then and we ought to focus on it. In >my view almost the entire point of a signing policy is constraining >whose signatures are considere authorized by the domain owner.
I'm assuming that when you say authorized, you mean authoritative. (English definitely has its shortcomings.) A few scenarios: Message from domain A, signed by A; does SSP matter at all? Message from A, signed by B; A's SSP says B signs all its mail Message from A, signed by A and B; does SSP matter? (I hope not.) Message from A, signed by C; SSP says nothing about C. R's, John _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
