On Wed, Nov 16, 2016 at 4:17 AM, Martijn Grooten <mart...@lapsedordinary.net > wrote:
> My understanding is an attack where the email is sent to an outside > address owned by the sender, who then gets a copy of the email, signed > by the provider who didn't think the email was bad. > > Signing an email that you know is bad does indeed sound like a bad > idea. There's always some time window between a spammer discovering a new technique that gets past filters and those filters learning about the new attack via whatever ML is in use. That might be when this attack is most effective. You can't label as spam that which you don't identify as spam. -MSK
_______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html