Douglas Otis wrote: > There is a domain within the signature that should > be used to assess compliance. What prevents a valid > signature of the From domain from allowing a message > to comply with "all" or "strict"?
The most interesting case for SSP is "no signature". For my unconvincing "toss a coin" list (Message-ID or first author or Reply-To) it's of course possible to add "use any signature for a domain in From addresses" to figure out a relevant domain for SSP. But that only works if there is a corresponding DKIM signature, when it's not really necessary to test SSP. Or do I miss something obvious in your proposal ? We could pick John's proposal where Arvel's idea doesn't work, just look at all domains in From addresses, for legit mail it's rare. That needs some "SSP processing limits" for malicious mails (not as badly as for SPF). Frank _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
