The owner of the domain does get to state that legitimate messages are
signed and to insist that it is extremely likely that messages without
authentication headers are forgeries intended to defraud the recipient.
And recipients should pay attention to that statement because ... ?
Because they don't want to waste time reading forged mail nor pass on forged
mail to their subscribers.
Some people who claim they are heavily phished will be right. Others will
not be, and there is no way to tell from the SSP who is ebay and who is
some dimwit who doesn't understand that you shouldn't say I sign
everything if you use Yahoogroups.
First, one needn't be phished (or wait to be phished) in order to be motivated
to protect one's domain (a key corporate asset) from unauthorized use. My
house has never been robbed, yet my doors all have locks. Second, the fact
that someone might errantly configure an "I sign all" when they shouldn't must
not stop us from providing benefit to those who will properly understand and
use the system.
--
Arvel
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html