John L wrote:
Just to make sure I don't misunderstand anything, let's assume that
visasecurity.net doesn't publish any SSP, either because it doesn't
exist (its current state) or it's registered as a throwawy by someone
who doesn't publish any DNS records.
Then these headers are SSP compliant and not Suspicious, regardless of
anything that paypal.com publishes, right?
From: visasecurity.net (Visa Security), security(_at_)paypal(_dot_)com (Paypal
Security)
Sender: anyone(_at_)anywhere(_dot_)org
Subject: An Urgent Message from Your Friends at Paypal and Visa
(assuming you mean security(_at_)visasecurity(_dot_)net instead of just
visasecurity.net)
If visasecurity.net does not exist, the message is not SSP compliant (is
Suspicious) because it fails the domain existence test.
But yes, if it is registered as a throwaway and doesn't publish SSP, it
will be SSP compliant (not Suspicious), presuming some DNS record for
the domain exists (at least an NS record or something). Hopefully Visa
has engaged the use of a domain registration monitoring service to
protect against this.
-Jim
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html