On 4/28/2010 10:36 AM, Jeff Macdonald wrote:
> I think this has been covered before. And maybe I misunderstood you
> again, but just to be sure:
>
> From:<[email protected]>
> DKIM-Signature: ... d=phisher-i-dont.com;
>
> Say the signature validates. I'm pretty sure DKIM does not have any
> assurances about the validity of the message contents, and that would
> include the From header. It just validates that it came from the
> signer.

The mere fact of signature validation must never, ever, ever, EVER be the
basis for making a decision, except whether to pass the validation
information on to a decision-making engine that employs ADDITIONAL
information, such as reputation or independent registration (e.g., an FBL.)

d/
--
Dave Crocker
Brandenburg InternetWorking
bbiw.net
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
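
The separation described in the reply above, as an added example that is not part of the original message: a validation step that only reports which d= domain signed, and a separate decision step that consults additional data. The reputation table, scores, threshold, verdict strings and sample Authentication-Results values are constructed assumptions; only d=phisher-i-dont.com comes from the quoted message.

```python
import re
from typing import Dict, List, Optional, Tuple

# Constructed reputation store (assumption): score in [0, 1] per signing domain.
REPUTATION: Dict[str, float] = {
    "bank.example": 0.95,
    "phisher-i-dont.com": 0.05,   # the d= domain from the quoted message
}

def dkim_results(auth_results: str) -> List[Tuple[str, str]]:
    """Extract (result, d= domain) pairs from an Authentication-Results value."""
    pairs = re.findall(r"dkim=(\w+)[^;]*?header\.d=([^\s;]+)", auth_results)
    return [(res.lower(), dom.lower()) for res, dom in pairs]

def validated_signer(auth_results: str) -> Optional[str]:
    """Validation step: reports WHO signed, nothing about whether to trust them."""
    for result, domain in dkim_results(auth_results):
        if result == "pass":
            return domain
    return None

def naive_decision(auth_results: str) -> str:
    """Anti-pattern: treats 'the signature validates' as 'the message is good'."""
    return "accept" if validated_signer(auth_results) else "reject"

def assess(auth_results: str, reputation: Dict[str, float] = REPUTATION,
           threshold: float = 0.5) -> str:
    """Decision step: combines the validated identity with reputation data."""
    signer = validated_signer(auth_results)
    if signer is None:
        return "no-identity"        # nothing validated; judge by other means
    score = reputation.get(signer)
    if score is None:
        return "unknown-signer"     # valid signature, but no data about d=
    return "accept" if score >= threshold else "reject"

# Constructed Authentication-Results values for illustration.
PHISH = "mx.example.net; dkim=pass header.d=phisher-i-dont.com"
KNOWN = "mx.example.net; dkim=pass header.d=bank.example"
NEW = "mx.example.net; dkim=pass header.d=newsender.example"
BROKEN = "mx.example.net; dkim=fail header.d=bank.example"

if __name__ == "__main__":
    for name, hdr in [("PHISH", PHISH), ("KNOWN", KNOWN),
                      ("NEW", NEW), ("BROKEN", BROKEN)]:
        print(name, "naive:", naive_decision(hdr), "assessed:", assess(hdr))
```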
