a forged email pass anyway
No antiforgery scheme can defend against fakes that only sort of match
the forgery target. We call this the paypai problem. The only
approach I can see that has any hope of success is to figure out some
way to mark real mail from a category of targets (banks, say) in a way
that bad guys can't fake.
But this is specific to each target group. The fact that mail from me
doesn't have a seal saying that it's from a bank doesn't mean that
it's forged or otherwise bad.
I think is a misunderstanding of a huge part of the operators
Is it? Have you evidence, even if it is only anecdotal, that such a
misunderstanding exists?
I'm with Martijn. Other than the test message you sent the other day,
I don't think I have ever seen a phish that used a subdomain of the
target. Ever.
_______________________________________________
Asrg mailing list
Asrg(_at_)irtf(_dot_)org
http://www.irtf.org/mailman/listinfo/asrg