Bill(_dot_)Oxley(_at_)cox(_dot_)com wrote:
If a bad actor sends me a mail from a non DK compliant domain
and he tags the mail with a hash compiled to decode as being
from eBay, the sending IP would not match?
My idea was a phisher using his own throw-away-DKIM-domain of
the day, pretending to be a mailing list. So he'd get an OKAY
for his stuff (e.g. Earl's idea Sender or something else), but
the From could be everything (as required for real lists).
In that case SSP should offer something protecting the From no
matter what wannabe-list-phishers try. Maybe a "From-binding
trumps Sender-binding (or List-ID binding)" could do the trick.
Then we're back to the questions about domains without SSP,
but maybe I miss something important here (?) Bye, Frank
_______________________________________________
ietf-dkim mailing list
http://dkim.org