On Apr 4, 2008, at 1:04 PM, Steve Atkins wrote:
On Apr 4, 2008, at 12:57 PM, Douglas Otis wrote:
On Apr 4, 2008, at 12:28 PM, Seth wrote:
Rich Kulawiec <rsk(_at_)gsp(_dot_)org> wrote:
For domains I trust (including all banks I do business with), I
use SPF to allow stuff they send me to bypass spam filters. That
enables those filters to be much stronger for stuff that looks
like bank messages.
How would you suggest a spammer can render that moot?

Look-alike, cousin domains, and display names.

Are you not clear on how domain-name based whitelisting works?

If you want to whitelist mail that "comes from" example.com's
mailservers there are at least two ways of doing that.

One is to explicitly whitelist mail that comes from the IP addresses
of example.com's mailservers. That works fine, but requires each
receiving ISP to maintain those lists of IP addresses.

The other is to allow the owner of example.com to publish the IP
addresses of those mailservers, and for all the receiving ISPs to
use that list of IP addresses in order to whitelist email coming
from example.com's mailservers.

SPF is one way to do that. This will whitelist exactly the same set
of mail as the first approach, just with less management overhead
and less risk of fat-fingering data.

So, please explain how "Look-alike, cousin domains, and display
names" will render that moot.

SPF does not deal with what a person sees, although filtering rules
may attempt to extend checking to PRAs or Froms, but of course that is
not SPF. Of course, such extensions are not foolproof either. This
is made more dangerous when many recipients see just the display name.
People and filters are easily fooled. White-listing may bypass
filtering rules matching against possible phish. Whether this works
depends upon bad-actors cooperating and not defeating this
protection. A person can be convinced in subtle ways a message is
from an entity that it is not. We do a significant amount of phish
filtering, however this process _must_ deal with images and other
details related to what may catch a person's eye. This goes back to
the first sentence, people and filters are easily fooled. Distinctive
annotations are needed, but such annotations may also be spoofed and
make the recipient more prone. One of the greatest risks currently
leading people astray is spoofed email from one of their buddies
listed within their social network. Someone pretends to be someone
you know, and offers a link to something "interesting".
-Doug
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/asrg
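
The distinction argued over in this thread, as an added example (not code from any of the posters): a whitelist keyed on an SPF pass for the envelope domain, with separate checks for the cousin domains and display names that SPF itself does not cover. The trusted domain, brand string, 0.85 similarity threshold and sample messages are constructed assumptions.

```python
from difflib import SequenceMatcher
from email.utils import parseaddr

# Assumed local policy (hypothetical): envelope domains whose SPF "pass"
# may skip spam filtering, mapped to a brand string a display name might borrow.
TRUSTED = {"examplebank.com": "example bank"}
COUSIN_THRESHOLD = 0.85  # assumed similarity cut-off, tune on real mail


def domain_of(addr):
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def classify(spf_result, mail_from, from_header):
    """Return (bypass_filters, reasons) for one message."""
    env_dom = domain_of(mail_from)
    display, addr = parseaddr(from_header)
    hdr_dom = domain_of(addr)
    reasons = []
    # What SPF authenticates: the envelope sender domain against the sending IP.
    spf_trusted = spf_result == "pass" and env_dom in TRUSTED
    for dom, brand in TRUSTED.items():
        # Cousin domain: close to a trusted name but not equal to it.
        for seen in sorted({env_dom, hdr_dom} - {"", dom}):
            if SequenceMatcher(None, seen, dom).ratio() >= COUSIN_THRESHOLD:
                reasons.append(f"cousin domain {seen} resembles {dom}")
        # Display name borrows the brand while the address is elsewhere.
        if brand in display.lower() and hdr_dom != dom:
            reasons.append(f"display name claims {brand!r} but address is at {hdr_dom}")
    # An SPF pass says nothing about the header From the recipient sees.
    if spf_trusted and hdr_dom != env_dom:
        reasons.append("SPF pass covers envelope only; header From differs")
    return spf_trusted and not reasons, reasons


# Constructed sample messages: (SPF result, envelope MAIL FROM, From header).
SAMPLES = [
    ("pass", "bounce@examplebank.com", '"Example Bank" <alerts@examplebank.com>'),
    ("pass", "bounce@examp1ebank.com", '"Example Bank" <alerts@examp1ebank.com>'),
    ("none", "x@mailer.invalid", '"Example Bank" <x@mailer.invalid>'),
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample[2], "->", classify(*sample))
```

Only the first sample bypasses filtering; the second passes SPF for its own look-alike domain and the third carries only a borrowed display name, so both stay subject to content filtering and are flagged.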