-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Dec 11, 2007, at 11:52 AM, John L wrote:

>> SPP bankofamerica.com p=strict
>>
>> From: loans@bankofamerica.com
>> DKIM-Signature: i=@dkim.mit.edu
>> DKIM-Signature: i=@dkim.bankofamerica.com
>> Subject: Get a great rate today!
>>
>> <body munged by mit that would cause bankofamerica signature to fail>
>>
>> You'd accept the message?
>
> That depends on what I think of dkim.mit.edu. If they had a
> history of sending good mail, sure. If not, probably not.
>
> It's probably worth reminding people yet again that the point of
> DKIM is to reliably tie a message to a domain, so you can use that
> domain's reputation to evaluate the mail. SSP doesn't change that.
>
> This example also reminds us that unrelated to SSP, real world
> filtering can make good use of other sorts of info like realistic
> (i.e., not self-published) estimates of how likely various domains
> are to be phish targets.

I agree completely with John.

The original use case that Miles gave ages back was a message
bouncing off of someone's alumni association.

It is not at all unreasonable to think that such a message could get
mangled, and therefore re-signed. If an MIT alum gets their mail
redirected, it would be normal, accepted operation that you'd accept
the message.

Jon
-----BEGIN PGP SIGNATURE-----
Version: PGP Universal 2.6.3
Charset: US-ASCII
wj8DBQFHXxIisTedWZOD3gYRAhG6AKDUEgUrekud1MkmqVg2beUfGWZqdwCgtaT0
dalkEAljDhTht4Y42v2tc68=
=nQec
-----END PGP SIGNATURE-----
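
The receiver-side decision discussed in this message, sketched as an added example that is not part of the post or of any DKIM implementation. The reputation scores, thresholds, phish-target set, decision labels and the handling of an unsigned message under a strict policy are all constructed assumptions.

```python
from __future__ import annotations
from dataclasses import dataclass

@dataclass(frozen=True)
class Signature:
    domain: str     # domain named in the DKIM-Signature i= tag
    verified: bool  # outcome of the receiver's own cryptographic check

# Constructed receiver-local data; none of these values come from the thread.
REPUTATION = {"dkim.mit.edu": 0.9, "dkim.unknown.example": 0.2}
PHISH_TARGETS = {"bankofamerica.com"}  # receiver's estimate, not self-published
BASE_THRESHOLD = 0.5
PHISH_TARGET_THRESHOLD = 0.8  # assumption: expect more of re-signers here

def covers(sig_domain: str, author_domain: str) -> bool:
    """True if the signing domain is the author domain or a subdomain of it."""
    return sig_domain == author_domain or sig_domain.endswith("." + author_domain)

def evaluate(author_domain: str, ssp: str, sigs: list[Signature]) -> tuple[str, str]:
    """Return (decision, reason) for one message."""
    # A signature that fails verification ties the message to nobody.
    verified = [s.domain for s in sigs if s.verified]
    for d in verified:
        if covers(d, author_domain):
            return "accept", f"author signature {d} verified"
    if not verified:
        if ssp == "strict":
            return "suspicious", "SSP strict and no signature verified"
        return "filter", "nothing ties the message to a domain"
    # Only third-party signatures verified: judge the best-known signer.
    signer = max(verified, key=lambda d: REPUTATION.get(d, 0.0))
    needed = PHISH_TARGET_THRESHOLD if author_domain in PHISH_TARGETS else BASE_THRESHOLD
    score = REPUTATION.get(signer, 0.0)
    if score >= needed:
        return "accept", f"re-signed by {signer} (reputation {score})"
    return "suspicious", f"re-signed by {signer} (reputation {score} < {needed})"

def thread_example(resigner: str) -> tuple[str, str]:
    """The message from the thread: author signature broken, re-signer's holds."""
    return evaluate("bankofamerica.com", "strict", [
        Signature(resigner, True),
        Signature("dkim.bankofamerica.com", False),
    ])
```
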
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html