On 2006-01-31 08:30, [EMAIL PROTECTED] wrote:
If I do not publish any key records and a bad actor whips up an email purported to be from me with a fake signature attached, a non dkim compliant mta may have a rule that states "signed messages are probably okay" that might bypass some spam checking software. Before DKIM is fully adopted/deployed expect to see this happen,
1. As previously mentioned, anyone making reputation decisions based on an unauthenticated DKIM signature will quickly learn (if they're paying any attention at all) that they have made a mistake.
2. the "spammers have co-opted DomainKeys wtf omg" story was last year: http://www.eweek.com/article2/0,1759,1732576,00.asp?kc=EWNKT0209KTX1K0100440 Re #2, the sky has not yet fallen. -- J.D. Falk, Anti-Spam Product Manager Yahoo! Communications Platform Team _______________________________________________ ietf-dkim mailing list http://dkim.org