John L wrote:
>> We are concerned about phishing attacks against Cisco employees via
>> spoofs purporting to come from Cisco itself.
>
> Oh, OK, then your trusted signer list includes cisco.com.

Not really, unless you consider SSP to be a "trusted signer list".

> (Until a bad guy uses a zombie inside your firewall to send signed
> cisco.com phishes, but you can pretend to be surprised when that
> happens.)

This is actually a feature not a bug: we'll at least _know_ that the
phisher is coming from inside.

By signing all our mail and having a policy that we sign all our mail,
we can be reasonably certain that mail without a valid signature isn't
from Cisco and annotate the message accordingly. This works just fine
with the exception of mailing lists.

> How many phishes have you ever seen that were sent through mailing

Irrelevant. Spoofs/phishes and mailing list corruption are
indistinguishable to a verifier. And we can be guaranteed that if you
need to merely put a Sender: into a piece of mail to get past the
checking, phishers will most certainly do that. Which is why we don't
allow that.

From what I can tell right now, for the "typical" mailing list, it's
going to validate.

> Mail from this list won't validate, you know, and I doubt that many
> others will, but I know I'm not going to make any headway in that

Every piece of mail I've sent this morning has validated. Really.

> In any event, Cisco will have to decide whether the actual cost of
> forbidding their employees to participate in lists that break signatures
> outweighs the theoretical benefits of blocking list-borne phishes. If
> it does, you might consider adding known well-behaved list hosts to your
> trusted signer list. I suspect you won't have to compile that list on
> your own, since we all plan to add them to our lists, too.

We have no "trusted signer list". And we're not forbidding anything,
though other companies may and not blink an eye.
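The policy argument in this thread (sign everything, publish that you sign everything, and treat unsigned mail claiming your domain as suspect, without honoring a Sender: header) can be modelled in a few lines. The following is an added illustration, not code from the thread or from either participant: it uses an HMAC as a stand-in for DKIM's public-key signature, a simplified canonicalization, and a constructed policy table keyed on the From: domain, and it shows why a list that appends a footer breaks the signature exactly the way a forgery does.

```python
"""Toy 'sign all mail + signing policy' verifier (added example, not from the thread).
The signature is an HMAC stand-in for DKIM's RSA signature; header/body
canonicalization is simplified; keys and policies below are constructed."""
import hashlib
import hmac

# Constructed: domain -> signing key (plays the role of the DNS-published key)
KEYS = {"cisco.com": b"constructed-example-key"}
# Constructed policy table: "all" means every message from this domain is signed
POLICY = {"cisco.com": "all"}
# Only these headers are covered by the signature; Sender: is deliberately not
# consulted anywhere, since a forger could add one for free
SIGNED_HEADERS = ("from", "subject")


def parse(msg):
    """Split a raw message into a lowercase header dict and a body string."""
    head, _, body = msg.partition("\n\n")
    headers = {}
    for line in head.splitlines():
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return headers, body


def canonical(headers, body):
    """Simplified 'relaxed' canonical form: signed headers plus body without trailing newlines."""
    parts = [f"{h}:{headers.get(h, '')}" for h in SIGNED_HEADERS]
    return ("\n".join(parts) + "\n\n" + body.rstrip("\n")).encode()


def domain_of(addr):
    """Domain part of an address such as 'Name <user@example.com>'."""
    return addr.rsplit("@", 1)[-1].strip("<> ").lower()


def sign(msg, domain):
    """Prepend an X-Sig header carrying the signing domain and the tag."""
    headers, body = parse(msg)
    tag = hmac.new(KEYS[domain], canonical(headers, body), hashlib.sha256).hexdigest()
    return f"X-Sig: d={domain}; h={tag}\n" + msg


def verify(msg):
    """Return the signing domain if the signature checks out, else None."""
    headers, body = parse(msg)
    sig = headers.get("x-sig")
    if not sig:
        return None
    fields = dict(p.strip().split("=", 1) for p in sig.split(";"))
    d = fields.get("d", "")
    if d not in KEYS:
        return None  # no key for that domain: cannot verify
    expect = hmac.new(KEYS[d], canonical(headers, body), hashlib.sha256).hexdigest()
    return d if hmac.compare_digest(expect, fields.get("h", "")) else None


def classify(msg):
    """Annotate a message using only the From: domain, the signature and the policy."""
    headers, _ = parse(msg)
    author = domain_of(headers.get("from", ""))
    if verify(msg) == author:
        return "pass"
    if POLICY.get(author) == "all":
        # Unsigned, broken, or signed by someone other than the author domain:
        # under an "all mail is signed" policy these are all indistinguishable
        return "suspect"
    return "neutral"


# Constructed sample messages
ORIGINAL = "From: it@cisco.com\nSubject: Password policy\n\nPlease review the new policy.\n"
SIGNED = sign(ORIGINAL, "cisco.com")
# A mailing list that appends a footer alters the signed body
RELAYED = SIGNED + "_______________________\nexample-list mailing list\n"
# A spoof that adds Sender: in the hope the verifier honours it
FORGED = "From: it@cisco.com\nSender: list@example.net\nSubject: Urgent\n\nReset your password now.\n"
# Unsigned mail from a domain with no published policy
OTHER = "From: bob@example.org\nSubject: hi\n\nhello\n"

if __name__ == "__main__":
    for name, m in [("signed", SIGNED), ("relayed", RELAYED), ("forged", FORGED), ("other", OTHER)]:
        print(f"{name:8s} -> {classify(m)}")
```

The relayed message fails for the same reason the forgery does, which is the thread's point that a verifier cannot tell list corruption from a spoof; a list that re-signs under its own domain would also come out "suspect" here, because `classify` insists the signer equal the From: domain rather than consulting any separate list of trusted signers.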