ietf-dkim

Re: [ietf-dkim] Full name problem

2011-02-27 09:10:58
> Hence, I could send a phish as:
> "From: PayPal <michael(_at_)talamasca(_dot_)ocis(_dot_)net>"

Um, you must be new here.  We've argued about this ad nauseam
over the years.

As Dave points out, DKIM does not "validate" anything other than that
the message you received is the same as the one the signer signed (for
a perhaps too complex version of "the same".)  Anyone can sign a
message which contains this:

 From: PayPal security <security(_at_)paypay(_dot_)com>

or even this:

 From: PayPal security <security(_at_)paypal(_dot_)com>

Despite a great deal of wishful thinking to the contrary, DKIM
signatures are only useful to the extent you recognize the signer and
have a good or bad opinion of the mail they sign.

This is one of the reasons I've argued that ADSP is not useful; that
it is trivial to circumvent if it becomes widely enough used to be
an issue for phishers.

R's,
John


_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html
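
Added example, not part of the original message: a receiver-side check that shows what a DKIM signature does and does not tell you, by comparing the signing domain (d=) with the From: display name and domain. The sample message, its domains, and the names `dkim_tags`, `signer_report` and `trusted_signers` are constructed for illustration; cryptographic verification of the signature is assumed to have already succeeded elsewhere.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: signed by example.net, while From: shows another
# brand and domain. bh=/b= are placeholders, not real signature data.
SAMPLE = (
    "DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=example.net;\n"
    "\ts=sel1; h=from:to:subject; bh=PLACEHOLDER; b=PLACEHOLDER\n"
    "From: Example Bank security <security@example-bank.test>\n"
    "To: user@example.org\n"
    "Subject: constructed sample\n"
    "\n"
    "body\n"
)

def dkim_tags(value):
    """Parse a DKIM-Signature tag=value list (RFC 6376, section 3.2)."""
    tags = {}
    for part in value.split(";"):
        if "=" in part:
            name, val = part.split("=", 1)
            # Folding whitespace inside a value is not significant.
            tags[name.strip()] = re.sub(r"\s+", "", val)
    return tags

def signer_report(raw, trusted_signers):
    """Compare the signer (d=) with what a mail client shows from From:."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    from_domain = addr.rpartition("@")[2].lower()
    signers = [dkim_tags(v).get("d", "").lower()
               for v in msg.get_all("DKIM-Signature", [])]
    return {
        "display_name": display,   # free text, not tied to the signer
        "from_domain": from_domain,
        "signers": signers,
        # True only if a signer is the From: domain or a parent of it.
        "from_matches_signer": any(
            s and (from_domain == s or from_domain.endswith("." + s))
            for s in signers),
        # Signers the receiver already has an opinion about.
        "known_signers": [s for s in signers if s in trusted_signers],
    }

if __name__ == "__main__":
    print(signer_report(SAMPLE, trusted_signers={"example.net"}))
```
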
