hsbc.co.uk != hsbc.com. That they have layer 8+ ties to one another
is not a problem SSP is trying to solve.
Right. So forget that digression.
I said, I get a bunch of messages purporting to be from a bank I've never
seen before. This isn't lookalike, this uses the actual domain (in this
case hsbc.co.uk) but since I've never seen any mail from them before, good
or bad, I won't do the lookup and I'll never know that their SSP says they
sign all their mail.
Apparently, detecting forgery of exact domain names isn't a problem that
SSP is trying to solve either, unless you already happen to know that the
domain signs their mail.
I get a bunch of mail purporting to be from some bank. You said that
since I've never seen any signed mail from them, don't bother to look up
their SSP. Huh?
R's,
John
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html