----- Original Message -----
From: "John Levine" <[EMAIL PROTECTED]>
To: <[email protected]>
>> The best way to help end-users avoid getting phished it to not accept
>> phishing messages for delivery. DKIM-SSP where strict policy
>> statements are published offer a mechanism for this.
>
> I get a message from [EMAIL PROTECTED] It has a valid
> signature. I check the SSP for ebay-verify.com, which says "MAJOR
> PHISHING TARGET, ACCEPT ONLY WITH SIGNATURE." So I drop it into the
> recipient's mailbox with a gold star on it.
>
> What have we just accomplished?
Nothing and it would be DANGEROUS to do so.
But read the subject title:
SSP = FAILURE DETECTION
If ebay-verify.com's SSP has exposed an inconsistency in the signature, then
it can eliminate the JUNK with no HARM done and with 0% FALSE POSITIVES.
--
Hector Santos, Santronics Software, Inc.
http://www.santronics.com
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
