On Wed, 08 Nov 2006 16:43:58 -0000, Steve Atkins <steve(_at_)blighty(_dot_)com>
On Nov 8, 2006, at 8:10 AM, Scott Kitterman wrote:
I agree that this does not help with look-alike domains, but for
that uses a sender's domain, I'm not sure what you are getting at?
You point out the underlying issue nicely.
Well at least it is a start to force the phishers into using look-alikes.
Phishing doesn't have to use the real domain. There are *countless*
ways of phishing that don't require it. Even now, a lot of phish mails
don't bother using the real domain, even though there's no real
disincentive to do so in most cases. If there were even a minor
disincentive then they could move away from that today with
Many of them use their own domains, for which they could trivially
publish SSP data.
Which is where we need sites on which "reputations" can be queried. I
envisage these will operate rather like the present DNSBL blacklists. You
choose such a site that you trust, and then ask its advice on the action
you should take according to the signer, From address, etc. I would
suppose that phishers' own domains would rapidly acquire a rather poor
reputation (and the advice should be to "delete all mail where the
signature succeeds, and even where it doesn't").
Charles H. Lindsey ---------At Home, doing my own thing------------------------
Tel: +44 161 436 6131
Email: chl(_at_)clerew(_dot_)man(_dot_)ac(_dot_)uk Snail: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K.
PGP: 2C15F1A9 Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5