On Wed, Oct 13, 2010 at 2:47 PM, Scott Kitterman
<ietf-dkim(_at_)kitterman(_dot_)com> wrote:
On Wednesday, October 13, 2010 02:27:29 pm Jeff Macdonald wrote:
And even if there was a DKIM signature, it is the BAD GUY'S signature,
which should cause it to go into the SPAM folder, with a large
phishing warning.
No. That misses the point entirely. The problem here is that one can take a
DKIM signed message that is signed by any entity and add additional
From/Subjects and the message may still appear to be the one signed by the
original entity even though it's been modified post-signature.
Right. I had understood that and then forgot.
If DKIM is just viewed as providing an identifier and nothing more,
then this is a MUA problem.
If DKIM is viewed as providing more than an identifier, then this is a
DKIM problem.
--
Jeff Macdonald
Ayer, MA
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html