Al Iverson wrote:
My underlying point is that I need to understand more about how
phishers, once locked out of use of bigbank.com due to DKIM+ADSP, can
best be persuaded to avoid use of account.info.bigbank.com, or any
other subdomain that they've thought of, that I haven't.
Al, I think you have phrased a very useful question. But I also think it
highlights a problem in how we've been pursuing things.
In all likelihood, we can assume that phishers will, in fact, try to use
sub-domains. I believe the real question is not the one you put forward but
rather:
How will it benefit phishers to use arbitrary sub-domains?
How, exactly?
1. What is the scenario on the receive side that will make this beneficial?
2. What is the basis for believing that this scenario will, in fact, occur?
So the question is about receive-side, not send-side.
d/
--
Dave Crocker
Brandenburg InternetWorking
bbiw.net
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html