A DKIM signed message can be replayed from other SMTP clients. This is
a desirable feature, but permits abuse when receivers base message
acceptance upon (the reputation of) the DKIM domain.
Are you talking about the scenario wherein you send a message in a
legitimate way and capture the signed message (for instance, you send a
message from your mail-abuse.org address to your own yahoo.com address),
and then you re-send that message, perhaps as spam, from some other
domain (say, spam-is-profitable.com)?
Barry
--
Barry Leiba, DKIM working group chair (leiba(_at_)watson(_dot_)ibm(_dot_)com)
http://www.research.ibm.com/people/l/leiba
http://www.research.ibm.com/spam
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html