On 10/15/2010 06:51 AM, Charles Lindsey wrote:
On Thu, 14 Oct 2010 18:23:21 +0100, Michael Thomas<mike(_at_)mtcc(_dot_)com>
wrote:
I would hope so because this would be a really stupid thing to do.
Without the next line of defense -- virus, malware, spam, phishing --
you'd be setting your users up for big problems. Just because it's
DKIM signed from a good source doesn't mean it's not still evil.
Have you ever seen an evil message from Ebay?
s/Ebay/Yahoo!, etc, yes.
And yet the current protocol will allow an evil mail _apparently_ from
Ebay to appear, with no means for the recipient to detect the difference.
They're not apparently from them. They *are* from them.
DKIM is not any indication of whether the content is evil or not,
per se. It just says who to complain to if it is evil.
And as regards using current malware detection software, can you please
explain to us how that is supposed to catch an eveil mail signed by a
brand-new throwaway domain that has not yet had time to acquire any
reputation, good or bad?
Irrelevant for the current discussion.
Mike
That's why all of this hand wringing is silly.
We are not hand wringing. We are pointing out a protocol that, when
applied in the current (and likely future) Real World, fails to deliver
what it was intended to deliver.
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html