Just to make sure I don't misunderstand anything, let's assume that
visasecurity.net doesn't publish any SSP, either because it doesn't exist
(its current state) or it's registered as a throwawy by someone who
doesn't publish any DNS records.
Then these headers are SSP compliant and not Suspicious, regardless of
anything that paypal.com publishes, right?
From: visasecurity.net (Visa Security), security(_at_)paypal(_dot_)com (Paypal
Security)
Sender: anyone(_at_)anywhere(_dot_)org
Subject: An Urgent Message from Your Friends at Paypal and Visa
R's,
John
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html