This assumes that SSP tries to solve the lookalike domain problem.
Can we review the last couple of messages, please?
You said that a way to avoid making useless SSP lookups was only look up a
domain if you've previously seen a signed message from it.
I said, I get a bunch of messages purporting to be from a bank I've never
seen before. This isn't lookalike, this uses the actual domain (in this
case hsbc.co.uk) but since I've never seen any mail from them before, good
or bad, I won't do the lookup and I'll never know that their SSP says they
sign all their mail.
You then said well, if it's not a bank your users use, why do you care?
I still have trouble reading that as other than deliver the phish if you
don't think your users will be fooled.
How exactly is your heuristic supposed to work?
R's,
John
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html