[ietf-dkim] A question about DKIM and Phishing
stefan at gorling.se
Sat Aug 12 05:20:16 PDT 2006
>>"With DomainKeys, the absence of a verifiable digital signature
>>header in an E-mail purporting to be from a domain which has
>>a DomainKeys DNS record may indicate that that E-mail is a
>>forgery. Thus, E-mails may be divided into three classes:
>> * valid DomainKey signature: authentic
>> * invalid or missing DomainKey signature for a domain with the DNS
>> record: usually forged
>> * no DNS record or header: unknown status"
>>As I have understood it, you can not really find the
>>DomainKey-DNS-record unless you know the selector, which
>>you do not really unless you have a domainKey signature. Is
>>this correct or have I misinterpreted the drafts?
>Your deduction is correct. Dr. Watson. :-)
>It is similar to the current DKIM Policy discussions here, regarding the
>need to find the policy expectation for signing when the signature is not
>there, or there and not expected, and other policy inconsistency
Thank you, I will try to read back on that discussion as I'm studying
SPF and other anti-phishing mechansims right now where this plays a
vital part, which is why I posted the question.
More information about the ietf-dkim