----- Original Message -----
From: "John Levine" <johnl@iecc.com>
To: <ietf-dkim@mipassoc.org>
The best way to help end-users avoid getting phished is to not accept
phishing messages for delivery. DKIM-SSP, where strict policy
statements are published, offers a mechanism for this.
I get a message from security@ebay-verify.com. It has a valid
signature. I check the SSP for ebay-verify.com, which says "MAJOR
PHISHING TARGET, ACCEPT ONLY WITH SIGNATURE." So I drop it into the
recipient's mailbox with a gold star on it.
What have we just accomplished?
Nothing, and it would be DANGEROUS to do so.
But read the subject title:
SSP = FAILURE DETECTION
If ebay-verify.com's SSP has exposed an inconsistency in the signature, then
it can eliminate the JUNK with no HARM done and with 0% FALSE POSITIVES.
--
Hector Santos, Santronics Software, Inc.
http://www.santronics.com
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
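The exchange above turns on what an SSP check actually decides: a valid first-party signature under a strict policy only means "no failure detected", while a missing or third-party signature under that policy is the detectable inconsistency Hector says can be rejected. The following Python model of that policy step is an added example written for this page; it is not code from the list, from either poster, or from any DKIM implementation. It does not verify DKIM signatures; it takes the verifier's per-signature result as input. The policy values "unknown", "all" and "strict", the dict standing in for the DNS lookup, and the sample domains are assumptions modelled loosely on the SSP drafts of the time.

```python
"""Model of the SSP policy decision discussed in the thread (added example).

Only the policy step is modelled: the cryptographic verification of each
DKIM-Signature is assumed to have already produced a Signature record.
"""
from dataclasses import dataclass
from email.utils import parseaddr


@dataclass(frozen=True)
class Signature:
    domain: str   # the d= tag of the DKIM-Signature header
    valid: bool   # result reported by the DKIM verifier


# Constructed stand-in for the DNS SSP lookup (assumption, not real data).
# Policy values are an assumption modelled on the SSP drafts:
#   "strict"  - all mail is signed by the From: domain itself
#   "all"     - all mail is signed, third-party signatures acceptable
#   (no record) - treated as "unknown": signatures not required
SSP_RECORDS = {
    "ebay-verify.com": "strict",   # the domain in John Levine's example
    "example.com": "all",
}


def from_domain(from_header):
    """Extract the lower-cased domain of the From: header, or None."""
    _, addr = parseaddr(from_header)
    if "@" not in addr:
        return None
    return addr.rsplit("@", 1)[1].lower()


def lookup_policy(domain, records=SSP_RECORDS):
    """Return the published policy, or "unknown" when no record exists."""
    return records.get(domain, "unknown")


def evaluate_ssp(from_header, signatures, records=SSP_RECORDS):
    """Return (disposition, reason) for a message given its verified signatures.

    The interesting outcomes are the two ends of the thread's argument:
    a valid first-party signature is accepted under any policy but says
    nothing about the domain's honesty (John's "gold star"), while a
    "strict" policy with no first-party signature is a detected
    inconsistency (Hector's "failure detection").
    """
    domain = from_domain(from_header)
    if domain is None:
        return ("reject", "unparseable From: header")

    policy = lookup_policy(domain, records)
    first_party = any(s.valid and s.domain.lower() == domain for s in signatures)
    third_party = any(s.valid and s.domain.lower() != domain for s in signatures)

    if first_party:
        # Consistent with every policy. This is NOT a statement that the
        # From: domain is trustworthy, only that its own policy is met.
        return ("accept", f"valid first-party signature satisfies policy {policy!r}")
    if policy == "unknown":
        return ("accept", "no SSP record published; signatures not required")
    if policy == "all" and third_party:
        return ("accept", "policy 'all' allows a valid third-party signature")
    # "strict" without a first-party signature, or "all" with no valid
    # signature at all: the published policy is contradicted by the message.
    return ("reject", f"policy {policy!r} requires a signature from {domain}; none verified")


if __name__ == "__main__":
    # John's case: strict policy, valid first-party signature -> accepted, no more.
    print(evaluate_ssp("security@ebay-verify.com", [Signature("ebay-verify.com", True)]))
    # Hector's case: strict policy, signature missing -> detectable failure.
    print(evaluate_ssp("security@ebay-verify.com", []))
```

The lookup is a plain dict so the example runs offline; in a real verifier it would be a DNS query for the domain's policy record, and the Signature records would come from the DKIM verification pass.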