Statement is misleading
4.2.1. Look-Alike Domain Names Attackers may attempt to circumvent signing policy of a domain by using a domain name which is close to, but not the same as the domain with a signing policy. For instance, "example.com" might be replaced by "examp1e.com". If the message is not to be signed, DKIM does not require that the domain used actually exist (although other mechanisms may make this a requirement). Services exist to monitor domain registrations to identify potential domain name abuse, but naturally do not identify the use of unregistered domain names. Actually these services mostly make money selling registrations. Engage VeriSign to do this and you will get wonderfull tools to predict look-alikes you might want to register ordered by a variety of risk factors. The real problem is that the number of registrations is unbounded. 4.2.1. Look-Alike Domain Names Attackers may attempt to circumvent signing policy of a domain by using a domain name which is close to, but not the same as the domain with a signing policy. For instance, "example.com" might be replaced by "examp1e.com". If the message is not to be signed, DKIM does not require that the domain used actually exist (although other mechanisms may make this a requirement). Services exist to monitor domain registrations to identify potential domain name abuse and advise on unregistered domain names. As there is no limit to the number of look-alike domains the scope of such services with respect to unregistered domain names is necessarily limited to those that represent special risks.
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
