ietf-mailsig

RE: draft-delany-domainkeys-base-02.txt

2005-04-04 20:06:12

On Mon, 2005-04-04 at 18:49 -0700, Hallam-Baker, Phillip wrote:
> > An institution receiving phishing attacks can thwart these
> > efforts by simply signing their email messages based upon the
> > domain, regardless of the local-part, internal links, or
> > phone numbers that may appear within these messages.  In
> > fact, most of the phishing attempts endeavor to have the
> > recipient click on a link which appears to bring them to a
> > trusted web-site.
> >
> > Having the local-part of the SENDER header bound to a key
> > does surprisingly little in terms of improving security or
> > consumer protection.  The real danger would be within the
> > message, header order, and where a link could take the
> > recipient.  Perhaps the link is to some bogus website that
> > simply stages a man-in-the-middle attack while logging
> > user-names and passwords.
>
> You seem to be very definite in your views on this topic.
>
> The banks are concerned to make sure that their anti-phishing solution
> does not create new problems for them. If your suggestion was acted on
> their bulk mailer would have the means to impersonate the CEO of big
> bank.
>
> That is a risk neither big bank nor the bulk mailer will accept.

My suggestion prevents this risk. Don't give anyone your private keys.
This prevents any message you have not seen (or processed) from being
signed.  By having the bank sign their own messages, rather than some
untrusted third-party, then what is contained within the message remains
within their control.  It is my understanding corporations will need to
log all their email to fulfill Sarbanes-Oxley requirements anyway.

The problem happens when delegating to some untrusted third-party where
binding the local-part of the mailbox address was somehow seen as a
solution.  Binding the local-part is not a solution for many reasons, and a
bad idea for many other reasons.  A bulk provider can send pre-signed
advertisements.

-Doug

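The key-custody argument above, modeled as an added example (not code from the thread or from the DomainKeys draft): one key is bound to the whole sending domain, the verifier selects it by the From domain, and the local-part plays no role. HMAC-SHA256 stands in for the RSA signature the draft uses, the `DNS` dict stands in for the published selector record, and all keys and addresses are constructed placeholders.

```python
import hashlib
import hmac

# Headers covered by the signature, in a fixed order, plus a body hash:
# reordering headers or editing the body in transit breaks the signature.
SIGNED_HEADERS = ("from", "sender", "subject")

def _canonical(headers, body):
    lines = ["%s:%s" % (h, headers.get(h, "").strip()) for h in SIGNED_HEADERS]
    lines.append(hashlib.sha256(body.encode()).hexdigest())
    return "\n".join(lines).encode()

def sign(domain_key, headers, body):
    # HMAC is a stand-in for the domain's private-key signature (simplification).
    return hmac.new(domain_key, _canonical(headers, body), "sha256").hexdigest()

def from_domain(headers):
    # Only the domain of the From address matters; the local-part is ignored.
    return headers["from"].rsplit("@", 1)[1].strip(">").lower()

def verify(dns, headers, body, signature):
    key = dns.get(from_domain(headers))  # look up the key published for that domain
    if key is None:
        return False
    return hmac.compare_digest(sign(key, headers, body), signature)

# Constructed placeholder keys for two domains, not real secrets.
BANK_KEY = b"bigbank-domain-key-PLACEHOLDER"
BULK_KEY = b"bulkmailer-domain-key-PLACEHOLDER"
DNS = {"bigbank.example": BANK_KEY, "bulkmailer.example": BULK_KEY}

def scenario():
    ad = {"from": "offers@bigbank.example", "sender": "offers@bigbank.example",
          "subject": "New rates"}
    body = "See our rates at the usual place."
    sig = sign(BANK_KEY, ad, body)  # the bank signs its own reviewed advertisement
    relayed_ok = verify(DNS, ad, body, sig)  # bulk mailer relays it unchanged: valid
    tampered = verify(DNS, ad, body + " Click here!", sig)  # any edit in transit: invalid
    msg = {"from": "ceo@bigbank.example", "sender": "ceo@bigbank.example",
           "subject": "Urgent"}
    text = "Please review the attached report."
    # A relay holding only its own domain key cannot produce a valid bigbank.example signature.
    bulk_key_fails = verify(DNS, msg, text, sign(BULK_KEY, msg, text))
    # Whoever holds the domain key can sign for any local-part, which is why it stays in-house.
    domain_key_signs_any_user = verify(DNS, msg, text, sign(BANK_KEY, msg, text))
    return relayed_ok, tampered, bulk_key_fails, domain_key_signs_any_user
```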
