ietf-dkim

Re: [ietf-dkim] draft-fenton-dkim-threats-01.txt

2005-11-01 12:42:34
On Tue, Nov 01, 2005 at 01:07:54PM -0600, wayne allegedly wrote:
> A variation on this is:
>
>    From: "aw-confirm(_at_)ebay(_dot_)com" <badguy(_at_)badguy(_dot_)com>', " On Behalf of " <aw-confirm(_at_)ebay(_dot_)com>
>
> DKIM (like SenderID) only validates the first email address on the
> From: line.  The rest of the From: line can be used to help confuse
> the situation.  Of course, the bad actor won't pick such an obvious
> name as "badguy(_at_)badguy(_dot_)com".
>
> Stopping phishing is a hard problem.  I know of no email

The presumption seems to be that an inbox accepts all mail - does that
have to be the case? What about mailboxes that are set up to only
accept mail from trusted domains?

Just as people create "junker" accounts to supply email addresses to
suspect web forms, I can easily imagine a world in which people might
register a transactional/trust account and ask their ISP to only allow
in trusted email.

Today people routinely manage multiple accounts (personal, work,
junker), so the notion of a "safe" account doesn't seem to be too much
of a conceptual leap.


Mark.
_______________________________________________
ietf-dkim mailing list
http://dkim.org
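
The From: line quoted in the message above can be audited on the receiving side. The following is an added example, not part of the original thread: it parses a From: value and lists what a reader could be shown that the first mailbox's domain does not cover. The function names, the regex and the sample header (the thread's example with the archive's address obfuscation undone and the stray quote removed) are assumptions of this example.

```python
import re
from email.utils import getaddresses

# Email-like token inside a display name (deliberately loose; assumption of this example).
ADDR_IN_NAME = re.compile(r"[A-Za-z0-9._%+-]+@([A-Za-z0-9.-]+\.[A-Za-z]{2,})")


def domain_of(addr):
    """Lower-cased domain part of an addr-spec, or '' if there is none."""
    return addr.rpartition("@")[2].lower() if "@" in addr else ""


def audit_from(header_value):
    """Return (first_domain, findings) for one From: header value.

    first_domain is the domain of the first mailbox, the one the quoted
    message says is validated. findings lists what the rest of the header
    could show a reader that this domain does not cover.
    """
    mailboxes = getaddresses([header_value])
    if not mailboxes or not mailboxes[0][1]:
        return "", ["unparseable From: header"]
    first_domain = domain_of(mailboxes[0][1])
    findings = []
    if len(mailboxes) > 1:
        findings.append(f"{len(mailboxes)} mailboxes in From:, only the first is checked")
    for name, addr in mailboxes:
        # Display names that embed an address from some other domain.
        for m in ADDR_IN_NAME.finditer(name):
            if m.group(1).lower() != first_domain:
                findings.append(
                    f"display name shows {m.group(0)!r}, validated domain is {first_domain!r}")
        # Extra mailboxes whose domain is not the validated one.
        if addr and domain_of(addr) != first_domain:
            findings.append(f"extra mailbox {addr!r} is outside {first_domain!r}")
    return first_domain, findings


# Constructed samples: the thread's header (tidied) and an unremarkable one.
SAMPLE = '"aw-confirm@ebay.com" <badguy@badguy.com>, " On Behalf of " <aw-confirm@ebay.com>'
CLEAN = '"Mark" <mark@example.org>'

if __name__ == "__main__":
    for value in (SAMPLE, CLEAN):
        domain, findings = audit_from(value)
        print(domain, findings or "ok")
```
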
