Al asked: > OK, let's assume ADSP has no "tree walking" or "subzone inheritance" > feature. A sender is sending legitimate mails with > customercare.bigbank.com with DKIM and an ADSP policy. If a phisher > sends mail with a PRA of customer-care.bigbank.com, that would not be > signed, and it would not fall under any ADSP policy. > > In your perfect world, as an imaginary receiver, how would you discern > between the two sets of messages?
That's easy: any string comparison will tell you that customercare.bigbank.com != customer-care.bigbank.com. So, assuming no treewalking assumption in my reputation system, they'd each have entirely separate reputations. But reputation is never based solely on one tiny bit of information -- I'd also check to see if the domain exists. If it doesn't, that would very likely result in rejection before even getting to any reputation algorithm. _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
