On Wed, Nov 16, 2016 at 4:17 AM, Martijn Grooten
<martijn(_at_)lapsedordinary(_dot_)net
wrote:
My understanding is an attack where the email is sent to an outside
address owned by the sender, who then gets a copy of the email, signed
by the provider who didn't think the email was bad.
Signing an email that you know is bad does indeed sound like a bad
idea.
There's always some time window between a spammer discovering a new
technique that gets past filters and those filters learning about the new
attack via whatever ML is in use. That might be when this attack is most
effective. You can't label as spam that which you don't identify as spam.
-MSK
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html