What it doesn't do is solve "froggery" (myriads of look-alike domains,
which your proposal does not solve) nor does it solve the fact that most
of the time the user doesn't even notice what's in the From: line (nor
does your proposal). Remember that many mail readers (Outlook included)
DO NOT SHOW YOU THE EMAIL ADDRESS in the From: line by default.
Sigh.
APWG just published a report that said that less than 20% of phishes had
the correct phished-for domain in the From line... Cutwail is pushing a
lot of such things right now.
Indeed. What the OP tries to solve is something that is only relevant to those
phishing emails that:
- are not already blocked by spam filters;
- are not already thrown away as 'phishing' (or simply: as 'not my bank') by
the recipient;
- show the From: address in the victim's MUA;
- do use the phished-for domain (and not a subtle variant thereof) in the From:;
- have a victim that actually checked that From: line and concluded it was
legitimate because of that.
How many emails are we talking about annually? And, putting the fact that it
may not work well or have unwanted side-effects aside, what would the cost of
these changes, extra lookups etc. be?
Martijn.
Virus Bulletin Ltd, The Pentagon, Abingdon, OX14 3YP, England.
Company Reg No: 2388295. VAT Reg No: GB 532 5598 33.
_______________________________________________
Asrg mailing list
Asrg(_at_)irtf(_dot_)org
http://www.irtf.org/mailman/listinfo/asrg