
[ietf-dkim] Fwd: Re: New Issue: protecting a domain name vs. protecting a domain tree

2008-04-11 09:55:07
On Wed, 09 Apr 2008 19:27:27 +0100, Dave Crocker <dhc(_at_)dcrocker(_dot_)net> 
wrote:

Eric Allman wrote:
Dave, I'm not understanding how the algorithm can work if you omit step
2 from section 4.2.2.

The attack that you describe requires using some name other than the one
that is listed.  The single, specific name that is listed is, indeed,
"protected".

Sure, if a phisher includes
      From: info(_at_)ebay(_dot_)com
then SSP/DKIM will catch him.

If the phisher includes
     From: info(_at_)ezbay(_dot_)com
then we know that SSP/DKIM cannot catch him, and there is not much we can
do about that other than to advise phishees to read From headers _very_
carefully.

But if the phisher includes
      From: info(_at_)mailout(_dot_)ebay(_dot_)com
where the domain mailout.ebay.com does not exist, then it needs to be
caught somehow, since the phishee will look at it _very_ carefully and
will find it perfectly reasonable (as indeed it is).

So if we cannot arrange that mailout.ebay.com is not caught by some
sub-domain mechanism within SSP, then we at least need to say, perhaps
non-normatively:

"Although it is impossible to obtain an SSP record for a non-existent
sub-domain of a protected domain, verifiers might well choose to
reject/discard/whatever messages with non-existent domains in From headers
as a matter of policy quite separate from their policies arising from
SSP/DKIM."



-- 
Charles H. Lindsey ---------At Home, doing my own thing------------------------
Tel: +44 161 436 6131                       Web: http://www.cs.man.ac.uk/~chl
Email: chl(_at_)clerew(_dot_)man(_dot_)ac(_dot_)uk      Snail: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K.
PGP: 2C15F1A9      Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5
_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html
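The three From: addresses discussed in the message above, run through a verifier that applies the suggested local policy (reject a From: domain that does not exist in DNS) before ever consulting SSP. This is an added example written for this page; it is not code from the thread, from any DKIM or SSP implementation, or from the SSP draft. DNS is replaced by a constructed in-memory zone so it runs offline, and the `_ssp._domainkey.<domain>` record location is assumed from the SSP draft of that period; only the record's presence is checked, its contents are not parsed.

```python
"""Verifier-side check: does the From: domain exist at all, independent of SSP?

Added example, not part of the original thread or of any DKIM/SSP code.
Real DNS is replaced by a constructed table so the code runs offline.
"""
from email.utils import parseaddr
from typing import Callable, Optional, Set

# Constructed zone data: name -> record types present at that name.
# A name that is absent means NXDOMAIN, i.e. the name does not exist at all.
FAKE_ZONE = {
    "ebay.com": {"MX", "A"},
    "_ssp._domainkey.ebay.com": {"TXT"},   # hypothetical SSP record for ebay.com
    "ezbay.com": {"MX", "A"},              # look-alike domain that really exists
    # "mailout.ebay.com" is deliberately absent -> NXDOMAIN
}

# A resolver maps a DNS name to its record types, or None for NXDOMAIN.
Resolver = Callable[[str], Optional[Set[str]]]


def fake_resolver(name: str) -> Optional[Set[str]]:
    """Offline stand-in for a DNS lookup over the constructed zone above."""
    return FAKE_ZONE.get(name.lower().rstrip("."))


def from_domain(from_header: str) -> str:
    """Extract the domain part of the address in a From: header value."""
    _display, addr = parseaddr(from_header)
    if "@" not in addr:
        raise ValueError(f"no addr-spec in From header: {from_header!r}")
    return addr.rsplit("@", 1)[1].lower()


def domain_exists(domain: str, resolve: Resolver) -> bool:
    """True unless the name is NXDOMAIN (no records of any type)."""
    return resolve(domain) is not None


def ssp_record_present(domain: str, resolve: Resolver) -> bool:
    """Assumed SSP lookup: a TXT record at _ssp._domainkey.<domain>.

    For a non-existent sub-domain this can never succeed, which is the
    situation the message above points out.
    """
    rrs = resolve(f"_ssp._domainkey.{domain}")
    return bool(rrs) and "TXT" in rrs


def verifier_policy(from_header: str, resolve: Resolver = fake_resolver) -> str:
    """Local verifier decision for one From: header.

    The NXDOMAIN rejection is a site policy separate from SSP/DKIM; only
    messages whose From: domain exists go on to the SSP lookup.
    """
    domain = from_domain(from_header)
    if not domain_exists(domain, resolve):
        return "reject:nonexistent-from-domain"
    if not ssp_record_present(domain, resolve):
        return "accept:no-ssp-record"     # SSP has nothing to say here
    return "evaluate-ssp"                  # hand off to the SSP evaluation proper


if __name__ == "__main__":
    for hdr in ("info@ebay.com", "info@ezbay.com",
                "eBay Mailout <info@mailout.ebay.com>"):
        print(f"{hdr:45} -> {verifier_policy(hdr)}")
```

The look-alike ezbay.com passes the existence check and has no SSP record, so (as the message says) SSP/DKIM has nothing to catch it with; the non-existent mailout.ebay.com is stopped by the local NXDOMAIN policy before SSP is even consulted.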
