> OK. What ADSP adds is the ability to assign reputation to a specific email
> claiming to originate from a specific domain. Except for "unknown".

No, ADSP adds the ability for senders to make unverified assertions about their signing practices. Unless you already have some knowledge about the domain, you have no idea whether it would be useful to believe it.

>>> It might be nice if paypal could publish in the DNS a set of related
>>> domains, that it is willing to share the reputation of paypal.com
>>
>> Why would they do that?
>
> For brand reputation protection - you've cut the relevant quote that I was
> responding to. It's not really a DKIM issue,

Oh, if we agree it's unrelated to DKIM, I agree that there's all sorts of hacks that might, hypothetically, help deter phishing, maybe. In the meantime can we agree that a domain with a good reputation like paypal should sign all its mail, just like it does now?

> but if I get email from paypal.co.uk, then how do I determine whether
> that email is from paypal?

That appears to be a mistake, that they sign mail from paypal.co.uk with d=paypal.co.uk rather than d=paypal.com. I say this because when I did a transfer from my UK account, some of the mail they sent was signed with paypal.co.uk, some with paypal.com. I hope you agree that mail signed with d=paypal.com is paypal, regardless of what the other headers say.

>> If I send you a Paypal payment, they will send you a mail with my
>> return address announcing the payment. That message is signed with
>> d=paypal.com because Paypal takes responsibility. (They really do
>> this, I just tried it.)
>
> They use a third party return-path?

Once again, DKIM has nothing, repeat nothing, to do with anything in the envelope. Perhaps you are confusing it with SPF again.

If you want to try it yourself, send me private mail and we can send each other matching tiny payments between our UK accounts and see what the mail looks like.

R's,
John
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
