>As I read the later case, the only signature present (C's) is not one that is >included in A's SSP. In this case we have a message with a signature that is >outside the scope what A has said is authorized (or not included in A's >authoritative list). If A is a high profile phishing target and signs all of >it's mail, then it would be useful (I think) for receivers to recognize that >the message has been signed by someone other than who A said it would.
Why do you want to prevent people from forwarding genuine, unmodified messages? That's a feature, not a bug. If ebay sends a message with a valid ebay signature, how can any chain of forwarding and added signatures change the fact that it's a real ebay message? Let's assume that ebay has enough sense to sign its MIME headers and not to use l=, so the message that's delivered is the same one that was sent. R's, John _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
