ietf-dkim

Re: [ietf-dkim] New Issue: 4.2 needs new Attack Item: InconsistentSignature vs Policy Attacks

2006-01-31 15:58:39
On 2006-01-31 08:30, Bill(_dot_)Oxley(_at_)cox(_dot_)com wrote:

> If I do not publish any key records and a bad actor whips up an email
> purported to be from me with a fake signature attached, a non-DKIM-compliant
> MTA may have a rule that states "signed messages are probably
> okay" that might bypass some spam checking software. Before DKIM is
> fully adopted/deployed expect to see this happen,

1. As previously mentioned, anyone making reputation decisions based on an unauthenticated DKIM signature will quickly learn (if they're paying any attention at all) that they have made a mistake.

2. The "spammers have co-opted DomainKeys wtf omg" story was last year:
http://www.eweek.com/article2/0,1759,1732576,00.asp?kc=EWNKT0209KTX1K0100440

Re #2, the sky has not yet fallen.

--
J.D. Falk, Anti-Spam Product Manager
Yahoo! Communications Platform Team
_______________________________________________
ietf-dkim mailing list
http://dkim.org