Al wrote:
Without any sort of assumption or ability to limit what's allowed
under
spamresource.com, I think ADSP is much less useful. My concern is that
if I can't restrict or cause failures automatically outside of a
specific subdomain or host, it does me little good to sign on
signed.spamresource.com when a phisher can fake
signed2.spamresource.com
and not automatically be failed by checking sites.
It /will/ automatically be failed by DKIM (bad or no signature being
equivalent), and by any modern anti-spam system (because the host or
domain doesn't exist.) I can't imagine any situation where an MTA
administrator will choose to disable all other checks, and rely solely
on ADSP.
If I'm understanding the issues at hand. The thread is a bit difficult
to follow.
Yeah, I don't think there's much point in following it closely anymore.
The really really smart people appear intractable, and the rest of us
aren't making much sense.
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html