ietf-dkim
[Top] [All Lists]

Re: [ietf-dkim] Collection of use cases for SSP requirements

2006-11-09 05:36:34
On Wed, 08 Nov 2006 16:43:58 -0000, Steve Atkins <steve(_at_)blighty(_dot_)com> 
wrote:

On Nov 8, 2006, at 8:10 AM, Scott Kitterman wrote:

I agree that this does not help with look-alike domains, but for phishing
that uses a sender's domain, I'm noy sure what you are getting at?

You point out the underlying issue nicely.

Well at least it is a start to force the phishers into using look-alikes.

Phishing doesn't have to use the real domain. There are *countless*
ways of phishing that don't require it. Even now, a lot of phish mails
don't bother using the real domain, even though there's no real
disincentive to do so in most cases. If there were even a minor
disincentive then they could move away from that today with
minimal inconvenience.

Many of them use their own domains, for which they could trivially
publish SSP data.

Which is where we need sites on which "reputations" can be queried. I envisage these will operate rather like the present DNSBL blacklists. You choose such a site that you trust, and then ask its advice on the action you should take according to the signer, From address, etc. I would suppose that phishers own domains would rapidly acquire a rather poor reputation (and the advice should be to "delete all mail where the signature succeeds, and even where it doesn't").

--
Charles H. Lindsey ---------At Home, doing my own thing------------------------
Tel: +44 161 436 6131     Web: http://www.cs.man.ac.uk/~chl
Email: chl(_at_)clerew(_dot_)man(_dot_)ac(_dot_)uk      Snail: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K.
PGP: 2C15F1A9      Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5
_______________________________________________
NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html

<Prev in Thread] Current Thread [Next in Thread>