[ietf-dkim] Review of DKIM Sender Signing Practices
johnl at iecc.com
Tue Dec 4 11:21:53 PST 2007
> This assumes that SSP tries to solve the lookalike domain problem.
Can we review the last couple of messages, please?
You said that a way to avoid making useless SSP lookups was to only look up a
domain if you've previously seen a signed message from it.
I said, I get a bunch of messages purporting to be from a bank I've never
seen before. This isn't lookalike, this uses the actual domain (in this
case hsbc.co.uk) but since I've never seen any mail from them before, good
or bad, I won't do the lookup and I'll never know that their SSP says they
sign all their mail.
You then said well, if it's not a bank your users use, why do you care?
I still have trouble reading that as other than deliver the phish if you
don't think your users will be fooled.
How exactly is your heuristic supposed to work?
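The two lookup policies argued about above, simulated as an added example (not code from the poster or from the DKIM working group). The SSP records, message burst and verdict labels are constructed for illustration; "all" stands for a domain asserting that it signs every message it sends.

```python
from dataclasses import dataclass, field
from typing import Optional

# Constructed SSP records standing in for DNS (not real data).
SSP_RECORDS = {"hsbc.co.uk": "all", "example.com": "unknown"}


def ssp_lookup(domain: str) -> Optional[str]:
    """Simulated SSP record fetch for the domain (constructed data)."""
    return SSP_RECORDS.get(domain)


@dataclass
class Message:
    from_domain: str
    signed_by: Optional[str]  # domain of a verified DKIM signature, or None


@dataclass
class Receiver:
    lookup_unseen: bool             # False = the "only domains seen signing" heuristic
    seen_signed: set = field(default_factory=set)
    lookups: int = 0

    def evaluate(self, msg: Message) -> str:
        if msg.signed_by == msg.from_domain:
            self.seen_signed.add(msg.from_domain)   # remember domains that do sign
            return "signed"
        # The heuristic skips SSP for a domain we have never seen sign anything.
        if not self.lookup_unseen and msg.from_domain not in self.seen_signed:
            return "deliver-unchecked"
        self.lookups += 1
        if ssp_lookup(msg.from_domain) == "all":
            return "suspicious"  # unsigned mail from a domain claiming to sign all mail
        return "deliver"


def run_scenario() -> dict:
    """A burst of unsigned mail purporting to be from a never-seen bank domain,
    then one genuine signed message, then one more unsigned message."""
    burst = [Message("hsbc.co.uk", None) for _ in range(3)]
    tail = [Message("hsbc.co.uk", "hsbc.co.uk"), Message("hsbc.co.uk", None)]
    heuristic, always = Receiver(lookup_unseen=False), Receiver(lookup_unseen=True)
    return {
        "heuristic_burst": [heuristic.evaluate(m) for m in burst],
        "always_burst": [always.evaluate(m) for m in burst],
        "heuristic_after_seen": [heuristic.evaluate(m) for m in tail],
        "lookups": (heuristic.lookups, always.lookups),
    }
```

The heuristic receiver delivers the whole first burst without ever consulting SSP, and only starts flagging unsigned hsbc.co.uk mail after it has seen one legitimately signed message from that domain.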