ietf-mxcomp
[Top] [All Lists]

Re: DEPLOY: Over-running TXT dataspace in FQDN (-protocol I believe)

2004-08-27 02:47:18

Rand Wacker <rand(_at_)sendmail(_dot_)com> writes:

Add to this the fact that these corporations regularly outsource marketing
and other material delivery to third party firms.  Since they want these
messages to be branded as coming from their primary domain,

While this may be off-topic for this group, I believe that companies
doing this are not helping themselves at all when it comes to
protecting against phishing and other impersonation attacks. I know
that most people do not look at headers, but some of us do. Because I
am aware of phishing, when I receive an email which claims to come
from a financial institution or e-commerce site etc, I give it far
more scrutiny than I would most other emails. This includes looking
at the headers. Without Sender-ID, PRA, or other authentication
scheme (which is the status quo) it is almost impossible for the
recipient to determine whether or not a particular mail is genuine
when it is sent from a third party firm. So if they ensure that all
emails to customers (and potential customers) are sent from their own
servers they will make phishing detection and avoidance much simpler
both pre- and post- introduction of MARID checks.


<Prev in Thread] Current Thread [Next in Thread>