ietf-asrg

[Asrg] antiphishing idea

2011-11-17 12:33:05
Hi,

I don't know if this is exactly the right place for discussing my idea
but I want to do a little bit of brainstorming with experts. I come
with a "crazy" thing but the logic is not so bad! Please don't tell me
"you are crazy"! ...at least the first time! :p

Users believe in what they read in the header From of the mail! Users
also don't know about the existence of, and differences between,
envelope and header From. And they also don't know that those addresses
can be forged. They blindly believe!

My idea is to invert the logic of DNSBLs. That is, instead of asking
third parties about spam/phishing, why not ask the domain involved
in envelope and header itself about non-spam?

Domains should have to publish in their DNS the message-id (among any
other thing) through a TXT or A record of any legit mail sent by them.
The TTLs of those records can be adjusted to compensate for queued
mails, etc.

When you receive a mail from A and "apparently" from B you can query
A's and B's DNS looking for the message-id the mail has. If you get an
nxdomain or whatever error from them you can score the mail as
phishing! ...On the other hand, if you have a hit from at least one of
them you can be confident that this is the real domain that sends that
mail or it sends it on behalf of the real address!

The check against both is to account for multiple identities, in which
one mailer sends on behalf of another (like gmail). You can also check
against any internal hop in the Received: chain in order to avoid
breaks in the trust chain by means of plain forwarding (as happens in
SPF without SRS).

I know this requires everyone to implement it in order to work (also
like SPF and DKIM).

Time to think!

Cheers!
_______________________________________________
Asrg mailing list
Asrg(_at_)irtf(_dot_)org
http://www.irtf.org/mailman/listinfo/asrg
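
The receiver-side check described in the message above, as an added example that is not part of the original post. The `_msgid` subdomain, the hashed-label naming scheme and the in-memory zone are assumptions, since the post does not specify a record format; `published` stands in for a real DNS query.

```python
import base64
import hashlib
from email import message_from_string
from email.utils import parseaddr

ZONE_PREFIX = "_msgid"  # assumed subdomain; the post defines no record name format


def msgid_label(message_id: str) -> str:
    """Assumed scheme: hash the Message-ID into a 32-char DNS-safe label."""
    digest = hashlib.sha256(message_id.strip().strip("<>").encode()).digest()
    return base64.b32encode(digest).decode().lower().rstrip("=")[:32]


def domain_of(address: str) -> str:
    return parseaddr(address)[1].rpartition("@")[2].lower()


def check_message(raw: str, envelope_from: str, published) -> dict:
    """Query the envelope and header From domains for this mail's Message-ID.

    `published(name)` stands in for a DNS lookup: True on a hit, False on
    NXDOMAIN or any other error.
    """
    msg = message_from_string(raw)
    message_id = msg.get("Message-ID", "")
    domains = {domain_of(envelope_from), domain_of(msg.get("From", ""))} - {""}
    label = msgid_label(message_id) if message_id else None
    hits = {d: bool(label) and published(f"{label}.{ZONE_PREFIX}.{d}")
            for d in sorted(domains)}
    # One hit from either domain is enough; no hit means score as phishing.
    return {"verdict": "confirmed" if any(hits.values()) else "suspect",
            "hits": hits}


# Constructed sample data: bank.example publishes one legitimate Message-ID.
FAKE_ZONE = {f"{msgid_label('<20111117.0001@bank.example>')}.{ZONE_PREFIX}.bank.example"}

LEGIT = ("From: Bank <alerts@bank.example>\n"
         "Message-ID: <20111117.0001@bank.example>\n\nStatement ready.\n")
FORGED = ("From: Bank <alerts@bank.example>\n"
          "Message-ID: <made-up-9999@bank.example>\n\nVerify your account.\n")

if __name__ == "__main__":
    print(check_message(LEGIT, "bounce@relay.example", FAKE_ZONE.__contains__))
    print(check_message(FORGED, "x@attacker.example", FAKE_ZONE.__contains__))
```

The legitimate sample is relayed through a different envelope domain and is still confirmed by the header From domain, which is the multi-identity case the message mentions.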
