>If the policy adoption level is so low and indecisive ("unknown") how
>can mail receiving domains detect spoofing on all but the ~0.1% of
>domains that deploy policy other than "unknown"? Even on the ~0.1%
>what action can they take when signature breaks are common?This line of discussion has been rehashed many, many, many times already, so it would be a good idea to look at the archives. Short summary: DKIM and ADSP offer no meaningful defense against spoofing. * A few domains are spoof targets, but the vast majority are not. For that vast majority, even if they do try to sign their mail, the myriad ways that legit mail can arrive with a broken signature makes it a poor practice for recipients to do anything with a broken or missing signature other than ignore it. * At this point, the only significant spoof targets that sign all their mail are Paypal and ebay. If you want an ADSP-like feature in your spam filters, you're better off just checking those domains than checking everyone who imagines that they are a) a target and b) sign all their mail. * Bad guys can and do trivially circumvent any ADSP-like feature by using lookalike domains, from line comments that resemble e-mail addresses, and a variety of other well known techniques. The way DKIM can be useful to deter phishing is by helping recipients to recognize the small fraction of mail that is good, not the vast flood of bad mail. R's, John _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
