On 4/28/2010 10:36 AM, Jeff Macdonald wrote:
> I think this has been covered before. And maybe I misunderstood you
> again, but just to be sure:
>
> From:<someone(_at_)i-trust(_dot_)com>
> DKIM-Signature: ... d=phisher-i-dont.com;
>
> Say the signature validates. I'm pretty sure DKIM does not have any
> assurances about the validity of the message contents, and that would
> include the From header. It just validates that it came from the
> signer.

The mere fact of signature validation must never, ever, ever, EVER be the basis
for making a decision, except whether to pass the validation information on to
a decision-making engine that employs ADDITIONAL information, such as reputation
or independent registration (e.g., an FBL.)
d/
--
Dave Crocker
Brandenburg InternetWorking
bbiw.net
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
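
The scenario discussed in the message above, as an added example that is not part of the original thread: a DKIM result is reduced to a verified signer identity (`d=`) and handed to a decision step that keys on what is known about that signer, never on validity alone. The sample message, the `.example` domains, the `REPUTATION` table and the function names are constructed for illustration; `signature_valid` is assumed to come from a real DKIM verifier.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample mirroring the thread's scenario (placeholder domains).
SAMPLE = """\
From: <someone@i-trust.example>
DKIM-Signature: v=1; a=rsa-sha256; d=phisher-i-dont.example; s=sel1;
 h=from:subject; bh=PLACEHOLDER; b=PLACEHOLDER
Subject: constructed sample

body
"""

# Hypothetical local reputation data, keyed by signing domain (d=).
REPUTATION = {"i-trust.example": "good"}

def signer_domain(msg):
    """Return the d= tag of the first DKIM-Signature header, or None."""
    header = msg.get("DKIM-Signature")
    if header is None:
        return None
    unfolded = re.sub(r"\s+", "", header)  # drop folding whitespace
    tags = dict(t.split("=", 1) for t in unfolded.split(";") if "=" in t)
    return tags.get("d", "").lower() or None

def from_domain(msg):
    """Return the domain of the From address, or None."""
    addr = parseaddr(msg.get("From", ""))[1]
    return addr.rpartition("@")[2].lower() or None

def assess(raw, signature_valid, reputation=REPUTATION):
    """Combine the verifier's result with reputation of the signer."""
    msg = message_from_string(raw)
    # An unverified d= is just a claim, so it is discarded.
    signer = signer_domain(msg) if signature_valid else None
    author = from_domain(msg)
    facts = {"signer": signer, "from": author,
             "signer_matches_from": signer is not None and signer == author}
    if signer is None:
        facts["decision"] = "no-verified-identity"
    else:
        # Validity only tells us WHO signed; reputation decides what that means.
        facts["decision"] = reputation.get(signer, "unknown-signer")
    return facts
```
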