On 11/18/2005 22:18, Douglas Otis wrote:
On Fri, 2005-11-18 at 09:47 -0800, Douglas Otis wrote:
On Nov 18, 2005, at 7:45 AM, Michael Thomas wrote:
And the title of this thread is bogus.
I may have missed explaining how a binding approach removes the eye-
test. Consider binding information has been retained for important
correspondents within a DKIM aware MUA. When subsequent messages arrive
offering the same set of identifiers, (based upon binding assurances
such as email-address, signing-domain, and perhaps opaque-identifier,)
this message would be highlighted in some fashion. When a look-alike
email arrives, it would not be highlighted.
At that point, the user would be alerted and could then examine the
identifiers using a fixed character-set to decide the disposition of the
message, and whether the identifiers should be included within the
profile for that entity.
That or the title of the thread is bogus.
I could equally say if we were trying your approach something like Doug's
non-SSP security relies upon every MUA in the world being upgraded and is
useless until then.
What you appear to be saying, once again, is that SSP is useless because it
isn't a universal solution to phishing.
Scott K
_______________________________________________
ietf-dkim mailing list
http://dkim.org