Al,
Al Iverson wrote:
My
concern is that if I can't restrict or cause failures automatically
outside of a specific subdomain or host, it does me little good to
sign on signed.spamresource.com when a phisher can fake
signed2.spamresource.com and not automatically be failed by checking
sites.
I believe there is no disagreement about whether the capability would be nice.
This is all about the technical feasibility, given real-world DNS constraints.
So let's take your underlying assumption: What, exactly, is the scenario that
uses a faked domain name and is effective?
We are probably going to find different assumptions about how things are
processed.
What do you believe happens after they slip past this ADSP filter, that makes
this fake use damaging?
d/
--
Dave Crocker
Brandenburg InternetWorking
bbiw.net
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html