On Dec 7, 2007, at 9:47 AM, Scott Kitterman wrote:
On Friday 07 December 2007 12:38, Steve Atkins wrote:
On Dec 7, 2007, at 9:20 AM, Scott Kitterman wrote:
If they do, then Mike's point stands.
If they don't, then phishing is inherently OK. There really is no
Fallacy of the excluded middle.
Just because it's OK for people to use some variant on a webmail
interface to send mail "from" their email address does not make it
OK to criminally steal passwords or credit card details.
Phishing is about misrepresenting identity.
No, it's not. Phishing is "the activity of defrauding an online account
holder of financial information by posing as a legitimate company",
according to my dictionary.
Wikipedia also has a decent definition:
"In computing, phishing is an attempt to criminally and fraudulently
acquire sensitive information, such as usernames, passwords and
credit card details, by masquerading as a trustworthy entity in an
What you're doing is taking perfectly reasonable, normal behaviour
(the owner of an email address using a smarthost not controlled by the
domain owner to send email) and entirely different, criminal, behaviour
(pretending to be the domain owner for the intent of defrauding others,
stealing financial information and passwords and so on). You're
those into a single group of behaviour and calling it "phishing" - a
that everyone here knows is a description of very, very bad behavior.
You're taking the concept of "the domain owner should control all use of
that domain" - which is a reasonable position to start with, even if
wrong - and taken the argument to an extreme of categorizing behavior
that contradicts your argument as criminal.
It's not a compelling way to state your case.
NOTE WELL: This list operates according to