ietf-dkim

Re: [ietf-dkim] DKIM SSP: Security vulnerability when SSP record does not exist?

2005-08-22 14:21:18
> The problem of rfc2822.From spoofing involves some
> complex human issues and we do not have much track
> record solving them.

I don't see what "complex human issues" are involved in
the simple wish as a domain owner to make known
whether use of that domain in a sender identity field
requires a signature or not.

> Relying on the SSP to solve phishing problems doesn't deal with
> lookalike domains, for example.

Understood, but consider this:

"From: arvel(_at_)ebay(_dot_)com" is not the same as "From: arvel(_at_)3bay(_dot_)com" and a DKIM verifier can easily tell the difference. I'm interested in using DKIM to protect _ebay.com_ from unauthorized use. I don't pretend to solve the phishing problem. It's enough for me if I can just get a handle on the unauthorized use of MY domain. That will make an impact. It will be an improvement (in my view) if those who today can so easily use ebay.com must tomorrow use 3bay.com instead.

--
Arvel



_______________________________________________
ietf-dkim mailing list
http://dkim.org