Statement is misleading
4.2.1. Look-Alike Domain Names
Attackers may attempt to circumvent signing policy of a domain by
using a domain name which is close to, but not the same as the domain
with a signing policy. For instance, "example.com" might be replaced
by "examp1e.com". If the message is not to be signed, DKIM does not
require that the domain used actually exist (although other
mechanisms may make this a requirement). Services exist to monitor
domain registrations to identify potential domain name abuse, but
naturally do not identify the use of unregistered domain names.
Actually these services mostly make money selling registrations. Engage
VeriSign to do this and you will get wonderful tools to predict look-alikes
you might want to register, ordered by a variety of risk factors.
The real problem is that the number of registrations is unbounded.
4.2.1. Look-Alike Domain Names
Attackers may attempt to circumvent signing policy of a domain by
using a domain name which is close to, but not the same as the domain
with a signing policy. For instance, "example.com" might be replaced
by "examp1e.com". If the message is not to be signed, DKIM does not
require that the domain used actually exist (although other
mechanisms may make this a requirement). Services exist to monitor
domain registrations to identify potential domain name abuse and
advise on unregistered domain names. As there is no limit to the
number of look-alike domains, the scope of such services with respect
to unregistered domain names is necessarily limited to those that
represent special risks.
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
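
The look-alike substitution discussed in this thread ("examp1e.com" for "example.com"), as an added example that is not part of the original message or the draft: because the set of possible look-alikes cannot be enumerated, a receiver can instead compare each observed sender domain against the protected one. The confusables table, the `MAX_EDITS` threshold and the sample domains are constructed assumptions.

```python
# Added example: classify an observed sender domain against a protected domain.
# The mapping and threshold below are illustrative assumptions, not from the draft.
DIGIT_CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})
SEQUENCE_CONFUSABLES = (("rn", "m"), ("vv", "w"))
MAX_EDITS = 2  # assumed threshold for "near" matches


def normalize(domain):
    """Lower-case and drop a trailing root dot."""
    return domain.strip().lower().rstrip(".")


def skeleton(domain):
    """Fold visually confusable characters to one canonical form."""
    folded = normalize(domain).translate(DIGIT_CONFUSABLES)
    for seq, repl in SEQUENCE_CONFUSABLES:
        folded = folded.replace(seq, repl)
    return folded


def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(sender, protected):
    """Return exact, subdomain, confusable, near or unrelated."""
    s, p = normalize(sender), normalize(protected)
    if s == p:
        return "exact"
    if s.endswith("." + p):
        return "subdomain"
    if skeleton(s) == skeleton(p):
        return "confusable"  # e.g. "1" standing in for "l"
    if edit_distance(skeleton(s), skeleton(p)) <= MAX_EDITS:
        return "near"  # typo-style variant
    return "unrelated"


if __name__ == "__main__":
    # Constructed sample of sender domains seen in mail.
    for d in ["example.com", "examp1e.com", "exarnple.com", "exampel.com",
              "mail.example.com", "unrelated.net"]:
        print(f"{d:20} {classify(d, 'example.com')}")
```

This works for unregistered look-alikes too, since it evaluates the name actually seen in the message rather than a list of registrations.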