On Fri, 10 Nov 2006 15:49:27 -0000, Dave Crocker <dhc(_at_)dcrocker(_dot_)net>
wrote:
Charles Lindsey wrote:
On Thu, 09 Nov 2006 15:40:37 -0000, Dave Crocker <dhc(_at_)dcrocker(_dot_)net>
wrote:
As soon as banks start signing their messages and there are credible
whitelists for their domain names, doesn't this end the ability for
phishers to use those domain names in the rfc2822.From field?
I fail to see how "credible whilelists" are going to work. You cannot
expect all the millions of honest internet users to get into such
DKIM is about domain names, not users. This means "organizations" and
not "users". I do not see why we cannot expect organizations to get on
whitelists.
Sure. s/millions of honest internet users/tens of thousands of domains
used by millions of honest internet users/.
whitelists. Rather, it seems that what is suggested is that there will
exists whitelists of "respectable banks".
There will probably be many different whitelists.
Which still leaves the question of which whitelist(s) you apply to each
particular mail. Granted that final delivery agents, who are likely to do
the verifying, can make a slightly better guess at this than the average
end user, it is still a near-impossible task.
But how do you tell, automatically, that a message is from a "bank",
and therefore ought to be ignored if it is not whitelisted?
Please review John Levine's note of today.
Sorry, I didn't identify any note from John relating to whitelists.
Teaching users to recognize a symbol on the screen that means "safe" is
not as difficult as teaching them to recognize the various forms of
deception used by phishers. (Again, see John Levine's note.)
The first thing you need to do is to ensure that the symbol appears with
high reliability on the message. There is nothing like too many false
negatives to put people off the whole idea.
And the second thing is to teach the users a simple rule to recognize
which messages might be expected to bear that symbol. "You tell me that I
should ignore messages without that symbol, but the messages I get from
Aunty Mary never have that symbol on them".
The third thing is to prevent the bad guys from causing that symbol to
appear (which depends on the exact nature of the protocol which puts it
there, which we have not yet examined yet).
--
Charles H. Lindsey ---------At Home, doing my own thing------------------------
Tel: +44 161 436 6131
Web: http://www.cs.man.ac.uk/~chl
Email: chl(_at_)clerew(_dot_)man(_dot_)ac(_dot_)uk Snail: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K.
PGP: 2C15F1A9 Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html