>Scenario 3a: >1) A is a popular phishing target and prefers to suffer message >rejections for messages that don't carry a valid signature by A (or a >designated third party) than to have messages that are unsigned or >signed by other parties delivered. >2) C sends message on A's behalf using C's identity. >3) B would like to know if C's signature has any relationship to A. >4) If C's signature does not have a relationship to A, then A prefers >that the message not be accepted for delivery
This is the same as scenario 1. The message doesn't have A's signature, B wants to know if that's OK. The set of possible C's that we don't trust is unlimited, and I can't see any point in trying to enumerate them. R's, John _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
