ietf-dkim
[Top] [All Lists]

Re: [ietf-dkim] SSP security relies upon the visual domain appearance

2005-11-17 15:35:27


Jeff Macdonald wrote:
On Thu, 2005-11-17 at 22:02 +0100, Eliot Lear wrote:

Douglas Otis wrote:

From: <my-account(_at_)my-isp(_dot_)com>, Mustang Sally 
<Sally(_at_)some-school(_dot_)edu>

Introducing similar visual confusion for list-servers the following will appear:

From: IETF-DKIM No-Reply <ietf-dkim-bounces(_at_)mipassoc(_dot_)org>, Douglas Otis <dotis(_at_)mail-abuse(_dot_)org>

Yes, this is valid 2822.  I wonder what it breaks...

While it is valid, can anyone point to it being actually being used?

And can't the threats document (& later, whatever relevant spec) not
just say "don't do that" and thus avoid the problem?

If so, then we're back to "normal" eboy threats which are already
included in the analysis, right?

S.


_______________________________________________
ietf-dkim mailing list
http://dkim.org