by upofadown 11 days ago
A signature is not authentication in itself. It is only such if the signing entity is in some way restricting what it is willing to sign. The domain part of the email address in the "From" field is so restricted. The signing MTA will only sign domains that it controls. Otherwise it would suffer a loss of reputation. The user part of the address is not so restricted.

The name part of the email address is also part of the same signature but is not being authenticated either.
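The distinction the comment draws, as an added example that is not part of the original comment: a toy signing MTA for the domain example.com that signs any message whose From domain it controls and refuses everything else. HMAC-SHA256 with a constructed key stands in for the DKIM public-key signature so the script runs offline; the domain, key, header names and messages are all assumptions made up for the demonstration. The verifier reports what a valid signature actually vouches for (the signing domain) and what it merely covered without checking (the local part and the display name).

```python
import email.utils
import hashlib
import hmac

# Constructed example, not from the original comment. The signer below stands
# in for a DKIM signer; HMAC with a made-up key replaces the real public-key
# signature so everything runs offline.
SIGNING_DOMAIN = "example.com"                      # assumed domain
SIGNING_KEY = b"constructed-demo-key-do-not-reuse"  # constructed, hypothetical
SIGNED_HEADERS = ("From", "Subject", "Date")        # headers the signature covers


def _domain_of(from_header):
    """Lower-cased domain of the address in a From header."""
    _display_name, addr = email.utils.parseaddr(from_header)
    return addr.rpartition("@")[2].lower()


def _canonicalise(headers, body):
    """Fixed form of the covered headers plus body (relaxed-style whitespace)."""
    parts = [f"{h.lower()}:{' '.join(headers.get(h, '').split())}" for h in SIGNED_HEADERS]
    return ("\n".join(parts) + "\n\n" + body).encode()


def mta_sign(headers, body):
    """Sign only if the From domain is one this MTA controls.

    That domain check is the single restriction the signer applies. The local
    part and display name are covered by the signature but never examined,
    which is why a valid signature says nothing about them.
    """
    if _domain_of(headers["From"]) != SIGNING_DOMAIN:
        raise PermissionError("refusing to sign for a domain this MTA does not control")
    digest = hmac.new(SIGNING_KEY, _canonicalise(headers, body), hashlib.sha256).hexdigest()
    return {"d": SIGNING_DOMAIN, "h": ":".join(SIGNED_HEADERS), "sig": digest}


def verify(headers, body, signature):
    """Return what a valid signature vouches for, or None if it does not verify.

    A pass means only that a holder of example.com's key signed these bytes.
    Whether the From domain is aligned with d= is a separate receiver-side
    decision (the DMARC alignment check); the local part and display name are
    reported under not_authenticated because no party ever vetted them.
    """
    expected = hmac.new(SIGNING_KEY, _canonicalise(headers, body), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, signature["sig"]):
        return None
    display_name, addr = email.utils.parseaddr(headers["From"])
    return {
        "authenticated": signature["d"],
        "from_domain_aligned": _domain_of(headers["From"]) == signature["d"],
        "not_authenticated": {
            "local_part": addr.partition("@")[0],
            "display_name": display_name,
        },
    }


def demo():
    """Run three constructed messages through the same signer and verifier."""
    body = "Please review the attached invoice.\n"
    date = "Mon, 1 Jan 2024 00:00:00 +0000"
    results = {}

    # 1. An ordinary user of the signing domain.
    alice = {"From": "Alice <alice@example.com>", "Subject": "hi", "Date": date}
    results["alice"] = verify(alice, body, mta_sign(alice, body))

    # 2. Same domain, but a local part and display name chosen to impersonate
    #    someone else. The MTA signs it just the same: the domain is all it checks.
    spoof = {"From": "Bob Bank CEO <ceo-bob-bank@example.com>", "Subject": "urgent", "Date": date}
    results["spoof"] = verify(spoof, body, mta_sign(spoof, body))

    # 3. A foreign domain: the MTA refuses, which is what protects its reputation.
    try:
        mta_sign({"From": "alice@other.org", "Subject": "x", "Date": date}, body)
        results["foreign"] = "signed"
    except PermissionError:
        results["foreign"] = "refused"

    # 4. Changing a covered header after signing breaks the signature, so the
    #    signature does bind the From field; it just never vetted its contents.
    sig = mta_sign(alice, body)
    tampered = dict(alice, From="Alice <ceo@example.com>")
    results["tampered"] = verify(tampered, body, sig)
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(name, outcome)
```

The point to take from the output is that both the honest message and the impersonating one come back with `authenticated == "example.com"`: the verifier can trust that example.com's MTA emitted the bytes, and nothing more. Any trust placed in "Bob Bank CEO" or in the `ceo-bob-bank` local part is trust the receiver invented, not trust the signature supplied.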