On Nov 11, 2006, at 11:31 AM, <Bill(_dot_)Oxley(_at_)cox(_dot_)com> wrote:
The FDIC certifies a bank and authorizes them to use a logo, won't the
phishers immediately certify their mail with that logo?
Yes. But that logo will be in the body of the message, not in the
MUA where it would be for a real bank message.
Think web browser-ssl-padlock or web browser coloured address
bar, rather than an attached gif.
Cheers,
Steve
Thanks,
Bill Oxley
Messaging Engineer
Cox Communications, Inc.
Alpharetta GA
404-847-6397
bill(_dot_)oxley(_at_)cox(_dot_)com
-----Original Message-----
From: ietf-dkim-bounces(_at_)dkim(_dot_)org [mailto:ietf-dkim-bounces(_at_)dkim(_dot_)org] On Behalf Of John Levine
Sent: Saturday, November 11, 2006 1:35 PM
To: ietf-dkim(_at_)mipassoc(_dot_)org
Subject: Re: [ietf-dkim] Collection of use cases for SSP requirements
But how do you tell, automatically, that a message is from a "bank",
and therefore ought to be ignored if it is not whitelisted?
Your computer doesn't tell automatically, you tell by looking at it.
This is a task that humans do much better than computers do. As I
said:
On the other hand, if we encourage whitelists of real banks, the
user's model is like this:
1) Incoming message appears to be from a bank.
2) Does the MUA show the golden dollar sign that means it's from a
real bank?
3) Done.
As I hope is obvious here, I'm assuming that existing organizations
that know who the real banks are, such as the FSA in the UK and the
FDIC in the US will certify their members and somehow associate a logo
with the certification. That's technically trivial.
R's,
John
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html