John gave one example but I personally don't think that is the best way
to do it.
This is no different than the issue that we at AG faced in 2007 with the
Storm Botnet heavily abusing our major brands.
As long as we sent mail that used someone else's domains for the From
and the Mail From, we weren't in a position to participate in
authentication systems and efforts. I phrase it this way because (just
one example) many domains will not accept mail that claims to be from
their domain if it didn't originate from their own servers.
So, using americangreetings.com, the Mail From and the From on our card
notifications is always ecards(_at_)americangreetings(_dot_)com(_dot_) The
about the sender is provided in the subject line and the body of the
message so that the recipient knows who created the card. No enduser
personalization other than name and email address is provided in the
notification email so as to provide consistency in the emails. This
makes it easier for mailbox providers as well as recipients to evaluate
the card notification for validity.
Without going into detail about our click through rates and the overall
reduction in phishing/brand abuse, I will say that this works from both
a business and a security perspective.
I will say that many brand owners are unwilling to make changes to their
infrastructure to implement this approach (vs sending as the enduser
email or "on behalf of" the sender email) until their brand is abused.
It really is that simple. In many (most?) cases it requires changes to
back end systems and that takes resources. The other factor is that it
is not perceived as a problem until after it becomes a problem.
From: McDowell, Brett [mailto:bmcdowell(_at_)paypal(_dot_)com]
Sent: Monday, May 03, 2010 11:54 AM
To: MH Michael Hammer (5304)
Cc: dcrocker(_at_)bbiw(_dot_)net; ietf-dkim(_at_)mipassoc(_dot_)org
Subject: Re: [ietf-dkim] besides mailing lists...
On May 3, 2010, at 11:06 AM, MH Michael Hammer (5304) wrote:
And it is easy enough to do "F2F" in a manner that does not break
NOTE WELL: This list operates according to