[ietf-dkim] Review of DKIM Sender Signing Practices
johnl at iecc.com
Tue Dec 4 11:38:38 PST 2007
> hsbc.co.uk != hsbc.com. That they have layer 8+ ties to one another
> is not a problem SSP is trying to solve.
Right. So forget that digression.
>> I said, I get a bunch of messages purporting to be from a bank I've never
>> seen before. This isn't lookalike, this uses the actual domain (in this
>> case hsbc.co.uk) but since I've never seen any mail from them before, good
>> or bad, I won't do the lookup and I'll never know that their SSP says they
>> sign all their mail.
Apparently, detecting forgery of exact domain names isn't a problem that
SSP is trying to solve either, unless you already happen to know that the
domain signs their mail.
I get a bunch of mail purporting to be from some bank. You said that
since I've never seen any signed mail from them, don't bother to look up
their SSP. Huh?
More information about the ietf-dkim