Douglas Otis wrote:
Look-alike exploits exist without designated domains.
Sure, but they sail under their own look alike flag. They can't
"steal" the reputation of an ISP with millions of zombies for
their criminal purposes. Admittedly that reputation won't be
good, but still better than "eboy" = "unknown stranger".
Seldom does less information improve security however.
Make sure that "eboy" is treated as the "unknown stranger" it
is, even if isp.example.com signed it, and there's no problem.
An eboy-SSP trying to change this should be ignored.
Frank
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html