On Wednesday, October 13, 2010 02:27:29 pm Jeff Macdonald wrote:
And even if there was a DKIM signature, it is the BAD GUY'S signature,
which should cause it to go into the SPAM folder, with a large
phishing warning.
No. That misses the point entirely. The problem here is that one can take a
DKIM signed message that is signed by any entity and add additional
From/Subjects and the message may still appear to be the one signed by the
original entity even though it's been modified post-signature.
Scott K
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html