On 2/27/2011 1:30 AM, Michael Deutschmann wrote:
There's one problem with DKIM as a phishing defense, which I have
mentioned in passing a few times here, but no one else seems to have
taken up discussion of.
An e-mail From: usually has two parts. One is the email address itself.
The other part is the full name of the sender. Usually the address is
enclosed in angle brackets while the remainer of the header is the full
name, although there is an alternative form where the full name is in
parentheses and the address is bare.
You seem to begin with the belief that DKIM validates the email address in the
From: field. It doesn't.
In fact, DKIM is not a direct defense against phishing. It validates an
identifier in a message; the identifer is independent of the From: field and
all
other identifiers in the message. The owner of the identifier might (or might
not) have a positive reputation. But DKIM says nothing about the validity of
any other information in that message.
d/
ps. To the extent that a mechanism is claiming to validate the From: field, and
to the extent that this is intended to extend to user-visible information, you
are correct that the <display-name> string is of concern. The recently
deceased
Goodmail validated the display-name.
--
Dave Crocker
Brandenburg InternetWorking
bbiw.net
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html