dkim-ops

Re: [dkim-ops] subdomain vs. cousin domain (when deploying "discardable")

2010-09-13 11:58:06

On Sep 9, 2010 at 14:04 -0600, McDowell, Brett wrote:
=>On Sep 9, 2010, at 3:10 PM, Derek Diget wrote:
=>> What do entities that can't get a different domain in the same TLD do?  
=>> i.e. .edu are restricted to one domain per entity by the registrar.  
=>> (Yes, they can get a domain in a different TLD, but is that what we 
=>> really want them to do?)
=>
=>Ah, right!  This is also a problem for .gov organizations.  I suppose 
=>clarity is the upside of having choice removed ;-)
=>
=>> 
=>> =>The case we are discussing is a situation where the corporate users are
=>> =>using the same domain as the transactional domain and you need to do
=>> =>something to address the conflict between strict policies to protect
=>> =>against (transactional) phishing and corporate use which results in mail
=>> =>going through lists, etc. with the commensurate risk of authentication
=>> =>breakage.
=>> 
=>> We see ourselves in the same place, though it will take months/years to 
=>> get there.  We have user and transactional (billing notices, class 
=>> registration, etc) e-mail on the same domain.
=>> 
=>
=>I think the phrase missing from Mike's comments above is "using the 
=>same [highly phished] domain as the transactional domain".  So if 
=>wmich.edu is not a target for phishing, you may not even want to 
=>advertise "discardable" as your policy.  The 
=>broken-signature-equals-lost-mail problem is only for those of us 
=>advertising "discardable" (in ADSP or any other sort of arrangement).

Going a little off thread... I had a discussion with our anti-spam 
vendor a few years ago when phishing started its rise.  They offered a 
phishing-alert program where they would notify us if phishing messages 
abusing our domain were hitting their trap addresses.  The program was 
of no use to us because the only addresses that received phishing 
messages with our domain were our own users.  (Why would a phisher 
send an e-mail as a wmich.edu identity to a <free-webmail-provider>?  
If they did, what would they ask for?)

"Highly" lacks relative scale. :)  No, we are not PayPal, Amazon, eBay, 
BoA, but we do receive our share of messages to our users that pretend 
to be from us.  I see kind of two versions of phishing. (I know everyone 
on the list knows what phishing is, so apologies in advance.)  The big 
(volume by phished domain) one is where the "highly" valued domains 
(PayPal, Amazon, eBay, BoA, etc.) are being phished.  These are e-mails 
sent to just about every system that accepts e-mail.  This is typically 
what people think of when talking about phishing.  The other much 
smaller (volume per phished domain) version is where the domain being 
impersonated is also the receiving domain.  For those sites the second 
type of phishing might be more important as it involves the security of 
their own users.  We (wmich.edu) fit into that second case most of the 
time.  Again, we are not phished in the first version as far as I know, 
but we do send billing statements, enrollment reminders and other 
transactional messages that could be used as phishing material and we 
are just watching how best to keep those messages from becoming phishing 
material in the future.

Since we are nowhere close to being able to restrict incoming e-mail 
from the Internet that is supposedly from us (we have too many users 
still using their ISP's MSA, departments using ESPs that use our domain 
in their RFC5321.From and other smaller issues we are working through), 
we don't want to use DKIM+ADSP today, tomorrow, or next week, but are 
watching it for suitability in the future.


Enough of my rambling...back to the main thread.... :)


-- 
***********************************************************************
Derek Diget                            Office of Information Technology
Western Michigan University - Kalamazoo  Michigan  USA - www.wmich.edu/
***********************************************************************