spf-discuss

RE: Response to the Bellovin Critique of SPF

2004-01-25 12:21:10
SPF does allow us to spam-filter out strings such as "E-Bay Customer Support"
in the subject line if they are not from the real E-Bay Customer Support. At
the moment that is not possible. Sure, this is ad hoc.

I disagree that the help that SPF provides to validating the From:
header is ad hoc.

Filtering out the work-around attacks to fill in the gap sure is ad hoc.
I can recognize real E-Bay customer support using SPF. But removing
phishing attacks like "abc@notebay.com (Ebay Customer Support)" requires
special treatment for the likely phishing attack victims.

I am in the business of real network security systems. In that world most
of the theory that Steve and co. will tell us just plain does not work.
You have no choice other than doing ad hoc fixes.

The reality of the Internet is broken and there is no time to wait for
2.0.

I think that here we should identify a requirement and an issue

[Requirement-Phishing]
        Prevent Phishing Attacks

[Issue 3] Security Vulnerabilities

[Issue 3.1] Use of false name string in phishing attack
        Many email clients (e.g. Outlook) display the realname string
        rather than the email address. This behavior is consistent with
        RFC 822 and RFC 2822. This means that an attacker may still
        impersonate the realname of an email sender even if the email
        address is valid.

So an authentic E-Bay email would look something like


From: admin@e-bay (E-bay Customer Support)          +----+ +----+
                                               |VRSN| |EBAY|
                                               | C3 | |    |
                                               +----+ +----+

Would the From: header even need to be validated?  Couldn't you just
use S/MIME and trigger off the person who signed the message?

That would be another option, if the recipient is S/MIME capable (most
people apart from Eudora users).

The problem with the S/MIME envelope is that it is invasive and there are users
that do not have the ability to process it. This would not be a significant
problem if there were a facility for discovery of MUA capabilities.

The answer is likely to be an S/MIME detached signature blob in a message
header.

-------
Sender Permitted From: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
Latest draft at http://spf.pobox.com/draft-mengwong-spf-02.9.4.txt
To unsubscribe, change your address, or temporarily deactivate your
subscription, please go to http://v2.listbox.com/member/?
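The display-name gap described under [Issue 3.1], and the "ad hoc" brand filter discussed at the top of the message, as an added example that is not part of the thread and not code from any SPF implementation. It splits a From: header into display name and address (both the "Name <user@dom>" form and the older RFC 822 "user@dom (Name)" comment form the phishing example uses), and flags a message whose display name claims a brand while the SPF-verified address sits in some other domain. The brand table, the sample headers and the SPF results are constructed for the example; a real deployment would take the SPF verdict from its checker and maintain the table for each brand whose customers are likely phishing targets.

```python
import re
from email.utils import parseaddr

# Assumed brand table (example data, not from the thread): a pattern that
# identifies a brand in a display name, and the domains allowed to use it.
BRAND_DOMAINS = {
    re.compile(r"\be-?bay\b", re.IGNORECASE): {"ebay.com"},
    re.compile(r"\bpaypal\b", re.IGNORECASE): {"paypal.com"},
}

# Older RFC 822 style: "user@domain (Display Name)". parseaddr() normally
# handles this too; the fallback keeps the split independent of that detail.
_COMMENT_FORM = re.compile(r"^\s*([^\s<>()]+@[^\s<>()]+)\s*\((.*)\)\s*$")


def split_from(from_header):
    """Return (display_name, addr_spec) for a From: header value.

    Handles both "Name <user@dom>" and "user@dom (Name)"; the second form is
    the one the phishing example in the thread uses.
    """
    name, addr = parseaddr(from_header)
    if not name:
        m = _COMMENT_FORM.match(from_header)
        if m:
            addr, name = m.group(1), m.group(2)
    return name.strip(), addr.strip().lower()


def domain_of(addr_spec):
    """The domain part of user@domain ('' if there is none)."""
    return addr_spec.rpartition("@")[2]


def in_domains(domain, allowed):
    """True if domain is one of `allowed` or a subdomain of one.

    Suffix matching is anchored on the dot, so notebay.com and
    ebay.com.attacker.net are not treated as ebay.com.
    """
    return any(domain == d or domain.endswith("." + d) for d in allowed)


def classify(from_header, spf_result):
    """Classify one message from its From: header and the SPF outcome.

    spf_result is the verdict of an SPF check on the sending domain
    ("pass", "fail", "softfail", "neutral", "none", ...).

    Returns:
      "unverified"     SPF did not pass, so nothing in the header is vouched for
      "phish-suspect"  SPF passed, but for a domain that is NOT the brand named
                       in the display name (the Issue 3.1 attack)
      "ok"             SPF passed and the display name makes no foreign brand claim
    """
    if spf_result != "pass":
        return "unverified"
    name, addr = split_from(from_header)
    domain = domain_of(addr)
    for pattern, allowed in BRAND_DOMAINS.items():
        if pattern.search(name) and not in_domains(domain, allowed):
            return "phish-suspect"
    return "ok"


# Constructed sample inputs (not real mail); the SPF results are assumed.
SAMPLES = [
    ("E-bay Customer Support <admin@ebay.com>", "pass"),
    ("abc@notebay.com (Ebay Customer Support)", "pass"),
    ("E-bay Customer Support <admin@ebay.com>", "fail"),
    ("Joe User <joe@example.org>", "pass"),
]


def run_samples():
    """Classify every sample; returns the list of verdicts in order."""
    return [classify(hdr, spf) for hdr, spf in SAMPLES]


if __name__ == "__main__":
    for (hdr, spf), verdict in zip(SAMPLES, run_samples()):
        print(f"{verdict:14} spf={spf:5} From: {hdr}")
```

Note what SPF does and does not buy here: the second sample passes SPF because notebay.com really does publish a record authorizing its sender, so the filter can only catch the attack by treating the display name as a brand claim and checking it against the domain SPF actually vouched for. The check is deliberately a suffix match on the domain, not a substring match, and it does nothing for the case where the sending domain is unverified, because an SPF fail or none leaves no anchor to compare against.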