On Saturday 09 September 2006 13:26, John Levine wrote:
The best way to help end-users avoid getting phished it to not accept
phishing messages for delivery. DKIM-SSP where strict policy
statements are published offer a mechanism for this.
I get a message from security(_at_)ebay-verify(_dot_)com(_dot_) It has a
valid
signature. I check the SSP for ebay-verify.com, which says "MAJOR
PHISHING TARGET, ACCEPT ONLY WITH SIGNATURE." So I drop it into the
recipient's mailbox with a gold star on it.
What have we just accomplished?
A bad thing. Don't put the gold star on it. That would be a mistake.
Scott K
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html