ietf-dkim

Re: [ietf-dkim] SSP = FAILURE DETECTION

2006-09-09 16:25:26
Hector Santos:
Just so you know, no one, at least not me, has said that SSP or DKIM-BASE
itself will protect against near-domain style spoofing A.K.A. phishing.

Actually, the discussion has demonstrated that SSP can't detect
look-alike phishing, while DKIM-BASE can.

This involves a list of trusted DKIM-BASE signing domains (*).
Given this list, potential look-alike or exact-name phishing attempts
stand out because their signing domain isn't in the trusted list.

That list could be recipient-maintained (a bit like the way SSH
asks for permission when it encounters an unknown hostkey).  Or it
could be maintained externally.

I think that a list of trusted DKIM-BASE signing domains can go a
long way towards the elimination of look-alike and exact-name
forgeries.

        Wietse

(*) Doug Otis wants to maintain more attributes, but these are for
    features beyond the detection of unknown signing domains.
_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html
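
The trusted signing-domain check described in the message above, as an added sketch that is not part of the original post or of any DKIM implementation. It assumes a separate DKIM verifier has already validated the signatures (passed in as `verified`); the function names, the `ask` callback and the `.example` sample messages are constructed for illustration.

```python
import email
import re

def signing_domains(raw_message):
    """Return the d= tag of every DKIM-Signature header, lowercased."""
    msg = email.message_from_string(raw_message)
    found = []
    for value in msg.get_all("DKIM-Signature", []):
        # Tag list is "tag=value; ..."; drop folding whitespace before splitting.
        parts = re.sub(r"\s+", "", value).split(";")
        tags = dict(p.split("=", 1) for p in parts if "=" in p)
        if "d" in tags:
            found.append(tags["d"].lower())
    return found

def check_message(raw_message, trusted, verified, ask=None):
    """Classify a message against the trusted signing-domain list.

    trusted:  mutable set of signing domains already accepted.
    verified: d= values whose signature a DKIM verifier validated
              (assumption: cryptographic verification is done elsewhere).
    ask:      optional callback(domain) -> bool, the SSH-style prompt.
    """
    valid = [d for d in signing_domains(raw_message) if d in verified]
    if not valid:
        return ("no-valid-signature", None)
    for domain in valid:
        if domain in trusted:
            return ("trusted", domain)
    if ask is not None and ask(valid[0]):
        trusted.add(valid[0])  # recipient accepted the new signer
        return ("newly-trusted", valid[0])
    return ("unknown-signer", valid[0])

def sample_message(from_addr, d):
    # Constructed sample; bh= and b= are placeholders, not real values.
    return (f"DKIM-Signature: v=1; a=rsa-sha256; d={d}; s=sel1;\n"
            f"\th=from:subject; bh=PLACEHOLDER; b=PLACEHOLDER\n"
            f"From: Bank <{from_addr}>\nSubject: notice\n\nbody\n")

GENUINE = sample_message("alerts@bank.example", "bank.example")
LOOKALIKE = sample_message("alerts@bamk.example", "bamk.example")   # near-domain
EXACT_NAME = sample_message("alerts@bank.example", "bulk.example")  # forged From
```

Both the look-alike and the exact-name message carry a valid signature, yet each is reported as `unknown-signer` because its `d=` value is not in the trusted set.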