[EMAIL PROTECTED] (Wietse Venema) writes: > My point is that SSP alone cannot distinguish between mail from my > Bank and mail from a Criminal who pretends to be a slightly different > bank. It distinguishes only the stupid criminals who send mail in > the Bank's name without signature by the Bank.
Surely the Bank's SSP means that the criminal will not be able to send mail in the banks name as he will not have access to the Bank's signing key. Therefore such mail, irrespective of how stupid or clever the criminal is, would not carry the Bank's signature. The criminal would, of course, be able to send from a domain which makes you think, erroneously, that it comes from your Bank - which is a different problem entirely. _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html