"McDowell, Brett" <bmcdowell(_at_)paypal(_dot_)com> writes:
Priority: it's more important to us that cyber criminals not be
systemically enabled to leverage MLM systems to bypass email
authentication flows and consumer protection policies designed to
block their attacks... the attacks that, if not for the MLM
intermediary, would have been blocked thanks to DKIM+ADSP and the
voluntary compliance to ADSP policies by certain ISP's/Mailbox
Providers.
Though is the fact that a mail arrives via an MLM not also a very strong
contra-indication of the validity of nearly all mail which would
constitute such an attack? Irrespective of any other factors, the mere
fact that it arrives via an MLM is an almost certain indication that any
mail which purports to tell you that you have won a lottery, been given
a bequest, have a problem with your account, need to contact a company
about some purchase or other problem etc, is almost 100% certain to be
either a phishing attack, a forgery or a scam. In almost all cases,
genuine mail sent via an MLM is not of the nature which requires such
authentication or falls within consumer protection polices.
To take your postings here as an example. Mail from PayPal about
people's accounts, policy changes etc needs to be protected and pass
authentication. However, whether or not your postings here authenticate
as genuinely coming from PayPal is not really important and in no way
affects the validity of the points you make in your posts.
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html