
Re: [ietf-dkim] Collection of use cases for SSP requirements

2006-11-09 00:37:21
Please explain.  If a sender publishes a policy that says I sign all
mail and a receiver rejects, deletes, etc. all mail that isn't signed
by that sender, what is the phisher's transition path to work around

He uses another domain in his return address, like Steve said.  You
may carefully look at the return address in your mail, but most people
don't, and even if they do, bank marketing departments are unable to
resist the urge to invent a new domain for every new ad campaign so it
doesn't tell you much if you don't recognize the domain.  (Quick, who

I already get a whole lot of phish for Paypal that doesn't have a return address, ditto for a lot of the bank phish I get.  I
see no reason that is going to change.

If there were a way to look up a domain and get back a response that
tells you whether it's a bank, that would be useful.  But SSP doesn't
do that.


NOTE WELL: This list operates according to
