Steve Atkins wrote:
> The "brand" cannot be protected solely via ADSP, at all, not in any manner.
> By that I mean that it's possible to protect the byte sequence paypal.com to
> some limited degree, but that that is operationally meaningless without any
> way to distinguish between "paypal.com" and "paypa1.com", or between
> "citibank.com" and "citibankonline.com",

If anything, Steve is being generous, because it's actually much worse than
that...

The name variants are one line of attack, with respect to the From: field
address - which is what's being discussed here.

But then there are all the attacks on the From: field visible name -- which is
all most recipients ever see -- the Subject line attacks and the Body attacks.
None of these is even touched by an ADSP approach.

When someone asserts that a mechanism offers protection, they are obligated to
account for the cases that are /not/ covered. If they are diligent, they will
then assess the relative costs and benefits of this protection proportion,
versus the unprotected proportion.

d/
--
Dave Crocker
Brandenburg InternetWorking
bbiw.net
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html