Dave, > > The underlying problem is with coupling the From field to the > DKIM signature. At most, the Sender value should be used.
It would indeed be nice to use the Sender field, but I would be concerned about the Sender field not at least matching one of the domains of one of the RFC2822.From lines, lest someone attempt to bypass the tests by inserting a Sender. But then we need an extra rule in the state machine. Perhaps it is better to explicitly deprecate multiple >From lines? As UIs have developed they really don't index well against multiple From lines anyway. Eliot _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
