OK. What ADSP adds is the ability to assign reputation to a specific email
claiming to originate from a specific domain. Except for "unknown".
No, ADSP adds the ability for senders to make unverified assertions about
their signing practices. Unless you already have some knowledge about the
domain, you have no idea whether it would be useful to believe it.
It might be nice if paypal could publish in the DNS a set of related
domains, that it is willing to share the reputation of paypal.com
Why would they do that?
For brand reputation protection - you've cut the relevant quote that I was
responding to. It's not really a DKIM issue,
Oh, if we agree it's unrelated to DKIM, I agree that there's all sorts of
hacks that might, hypothetically, help deter phishing, maybe. In the
meantime can we agree that a domain with a good reputation like paypal
should sign all its mail, just like it does now?
but if I get email from paypal.co.uk, then how do I determine whether
that email is from paypal?
That appears to be a mistake, that they sign mail from paypal.co.uk with
d=paypal.co.uk rather than d=paypal.com. I say this because when I did a
transfer from my UK account, some of the mail they sent was signed with
paypal.co.uk, some with paypal.com. I hope you agree that mail signed
with d=paypal.com is paypal, regardless of what the other headers say.
If I send you a Paypal payment, they will send you a mail with my
return address announcing the payment. That message is signed with
d=paypal.com because Paypal takes responsibility. (They really do
this, I just tried it.)
They use a third party return-path?
Once again, DKIM has nothing, repeat nothing, to do with anything in the
envelope. Perhaps you are confusing it with SPF again. If you want to
try it yourself, send me private mail and we can send each other matching
tiny payments between out UK accounts and see what the mail looks like.
R's,
John
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html