dunno if yer keeping up
latest DKIM news
The scam I have described involves the use, by the phisher, of a
DKIM-signed (by himself) email with two From: headers, which is intended
to fool verifiers into not spotting that the first signature should have
triggered an ADSP lookup which would have revealed that the first From:
was 'discardable'.
Naturally, the phisher signs with a throwaway domain that has not yet
acquired any reputation, good or bad.
Of course the second displayed header can be paypal.com, and an MUA might display "DKIM verified".
Any opinions expressed by me are mine alone, posted from my home computer, on my own time as a free American and do not reflect the opinions of any person or company that I have had professional relations with in the past 55 years. meep
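A receiver-side check for the double-From: message described above, as an added example that is not part of the original post. It inspects header structure only and does not verify the signature cryptographically; the sample message, its domains and the function names are constructed for illustration.

```python
import email
from email.utils import parseaddr

# Constructed sample: two From: headers, signed by a throwaway domain.
SAMPLE = (
    "DKIM-Signature: v=1; a=rsa-sha256; d=throwaway.example; s=sel;\n"
    " h=from:to:subject; bh=PLACEHOLDER; b=PLACEHOLDER\n"
    "From: billing@throwaway.example\n"
    "From: service@paypal.com\n"
    "To: user@example.org\n"
    "Subject: test\n"
    "\n"
    "body\n"
)

def dkim_tags(value):
    """Split a DKIM-Signature value into a {tag: value} dict."""
    tags = {}
    for part in value.split(";"):
        if "=" in part:
            key, val = part.split("=", 1)
            tags[key.strip().lower()] = "".join(val.split())  # drop folding whitespace
    return tags

def check_from_headers(raw):
    """Return a list of findings about From: headers and DKIM coverage."""
    msg = email.message_from_string(raw)
    froms = msg.get_all("From", [])
    findings = []
    if len(froms) != 1:
        findings.append(f"{len(froms)} From: headers (RFC 5322 allows exactly one)")
    from_domains = [parseaddr(f)[1].rpartition("@")[2].lower() for f in froms]
    for sig in msg.get_all("DKIM-Signature", []):
        tags = dkim_tags(sig)
        d = tags.get("d", "").lower()
        signed = [h.strip().lower() for h in tags.get("h", "").split(":")]
        # Each "from" in h= covers one From: instance, counted from the bottom up.
        covered = signed.count("from")
        if covered < len(froms):
            findings.append(f"d={d} signs {covered} of {len(froms)} From: headers")
        for dom in from_domains:
            # ADSP treats a signature as an author-domain signature only if d= equals the From: domain.
            if dom != d:
                findings.append(f"From domain {dom} has no author-domain signature (d={d})")
    return findings

if __name__ == "__main__":
    for finding in check_from_headers(SAMPLE):
        print(finding)
```

A message that produces any finding here should not be shown as "DKIM verified" for the displayed From: address without further policy checks.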