
ddx - Re: [ddx] User stories I heard today.

Subject: DKIM Deployment

  • From: Antonio Hayes <>
  • To: Leif Johansson <>
  • Cc: Jesse Thompson <>, DDX <>
  • Subject: Re: [ddx] User stories I heard today.
  • Date: Wed, 19 Nov 2008 13:04:56 -0800

On Wed, 2008-11-19 at 22:00 +0100, Leif Johansson wrote:
> On Wednesday 19 November 2008 21:34:43 Jesse Thompson wrote:
> > Leif Johansson wrote:
> > > On Tuesday 18 November 2008 19:50:43 Jesse Thompson wrote:
> > >> Indicate to the end-user that the message is DKIM signed, even if the
> > >> reputation of the sender isn't verified.
> > >
> > > So I'm wondering how to express the value to the end-user, i.e. what is
> > > it the end-user gets out of an indication that the email was signed if
> > > the sender reputation isn't known?
> >
> > Well, it's no different than PGP or S/MIME signing in that regard. It
> > just lets the user know that the domain isn't forged. They'd have to
> > make their own decision as to whether the domain is trustworthy.
> >
> > Jesse
>
> How about this:
>
> Email users want a clear indication that the sender domain was not forged
> in order to detect phishing attempts.
>
> Cheers Leif

What about when that phishing attempt comes from a trusted domain? It
doesn't help much in that situation, and depending on how we decide to
handle signed mail, it may be counterproductive.

For the vast majority of cases, your statement would hold true though.

Tony
