-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Dec 11, 2007, at 11:52 AM, John L wrote:
>> SPP bankofamerica.com p=strict
>>
>> From: [EMAIL PROTECTED]
>> DKIM-Signature: [EMAIL PROTECTED]
>> DKIM-Signature: [EMAIL PROTECTED]
>> Subject: Get a great rate today!
>>
>> <body munged by mit that would cause bankofamerica signature to fail>
>>
>> You'd accept the message?
>
> That depends on what I think of dkim.mit.edu. If they had a
> history of sending good mail, sure. If not, probably not.
>
> It's probably worth reminding people yet again that the point of
> DKIM is to reliably tie a message to a domain, so you can use that
> domain's reputation to evaluate the mail. SSP doesn't change that.
>
> This example also reminds us that unrelated to SSP, real world
> filtering can make good use of other sorts of info like realistic
> (i.e., not self-published) estimates of how likely various domains
> are to be phish targets.
>

I agree completely with John.

The original use case that Miles gave ages back was a message
bouncing off of someone's alumni association.

It is not at all unreasonable to think that such a message could get
mangled, and therefore re-signed. If an MIT alum gets their mail
redirected, it would be normal, accepted operation that you'd accept
the message.

Jon

-----BEGIN PGP SIGNATURE-----
Version: PGP Universal 2.6.3
Charset: US-ASCII
wj8DBQFHXxIisTedWZOD3gYRAhG6AKDUEgUrekud1MkmqVg2beUfGWZqdwCgtaT0
dalkEAljDhTht4Y42v2tc68=
=nQec
-----END PGP SIGNATURE-----
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
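
Added illustration, not part of either poster's message: a receiver-side sketch of the evaluation described in the thread, where a message whose author-domain signature broke in transit is judged on the reputation of whichever domain still has a verifying signature. The sample message, the `verified` set, the reputation scores and the 0.5 threshold are all assumptions constructed for the example; signature verification itself is assumed to happen elsewhere.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed message modelled on the thread's scenario. The address and all
# DKIM tag values are invented; the list archive redacted the real ones.
RAW = (
    "From: offers@bankofamerica.com\n"
    "DKIM-Signature: v=1; a=rsa-sha256; d=bankofamerica.com; s=sel1;\n"
    "\tbh=AAAA=; b=BBBB==\n"
    "DKIM-Signature: v=1; a=rsa-sha256; d=dkim.mit.edu; s=sel2;\n"
    "\tbh=CCCC=; b=DDDD==\n"
    "Subject: Get a great rate today!\n"
    "\n"
    "body altered in transit, so the first signature no longer verifies\n"
)

def signing_domains(msg):
    """Return the d= tag of each DKIM-Signature header, in header order."""
    domains = []
    for value in msg.get_all("DKIM-Signature", []):
        tags = {}
        for part in value.split(";"):
            name, sep, val = part.partition("=")
            if sep:
                tags[name.strip()] = "".join(val.split())  # drop folding whitespace
        if "d" in tags:
            domains.append(tags["d"].lower())
    return domains

def evaluate(msg, verified, reputation, threshold=0.5):
    """Pick the best-reputed domain that has a verifying signature.

    verified: domains whose signature checked out (crypto/DNS done elsewhere).
    reputation: the receiver's own 0..1 score per domain (hypothetical scale).
    Returns (verdict, domain judged on, whether that domain is the author's).
    """
    author = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    valid = [d for d in signing_domains(msg) if d in verified]
    if not valid:
        return ("unsigned", None, False)
    best = max(valid, key=lambda d: reputation.get(d, 0.0))
    verdict = "accept" if reputation.get(best, 0.0) >= threshold else "suspect"
    return (verdict, best, best == author)

MSG = message_from_string(RAW)
```

The third element of the result tells a downstream filter whether the verdict rests on the author's own domain or on a re-signer, which is the distinction the thread turns on.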