Jeff Macdonald wrote: > On Thu, Sep 30, 2010 at 9:19 PM, Douglas Otis <[email protected]> > wrote: >> Is there a safe way to shift DKIM signature compliance based upon the >> From header field to that of the Sender header field? > > We've avoided the Sender header because most folks are confused when > Outlook says "on behalf of". And not all MUAs display that anyway. > > I do agree that DKIM signature compliance should no be based on From. > In fact it should be a new domain/sub-domain altogether.
The fundamental problem with the current situation is that the authenticated identity is not displayed and the displayed identity is not authenticated. Rather than create a pointer indirection relationship between From and d=, which requires a secure binding as well as introducing a provisioning headache, maybe the right approach is to push on the former problem: encourage MUAs to display d= information when it can be validated (either directly by the MUA or by relying on trusted Authentication-Results headers from the last hop MTA). -Pete _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
