[EMAIL PROTECTED] wrote: > If a bad actor sends me a mail from a non DK compliant domain > and he tags the mail with a hash compiled to decode as being > from eBay, the sending IP would not match?
My idea was a phisher using his own throw-away-DKIM-domain of the day, pretending to be a mailing list. So he'd get an OKAY for his stuff (e.g. Earl's idea Sender or something else), but the From could be everything (as required for real lists). In that case SSP should offer something protecting the From no matter what wannabe-list-phishers try. Maybe a "From-binding trumps Sender-binding (or List-ID binding)" could do the trick. Then we're back to the questions about domains without SSP, but maybe I miss something important here (?) Bye, Frank _______________________________________________ ietf-dkim mailing list http://dkim.org
