ietf-mxcomp
[Top] [All Lists]

RE: How would SPF or Sender Id caught this one?

2004-07-30 16:50:26
Thanks for the reply,
 
I read that and that was my understanding as well.  So does this make it
a solution that works fine for mailing lists, but not for financial
institutions, online retailers, and pretty much anyone transacting
dollars online?  
 
The example was not made up.  We are seeing that scenario more and more
where I am sitting.    
 
 
Bill McInnis
MessageLevel.com
 
 -----Original Message-----
From: Daryl Odnert [mailto:daryl(_dot_)odnert(_at_)tumbleweed(_dot_)com] 
Sent: Friday, July 30, 2004 7:44 PM
To: Bill Mcinnis; IETF MARID WG
Subject: RE: How would SPF or Sender Id caught this one?



How would SPF or Sender ID have managed to catch that attack? 

I think the answer is: they cannot.  If the phisher successfully 
spoofed the an SMTP over TCP session, there is nothing that SPF 
or Sender ID can do about that. 

You might want to look at section 6.2 of draft-ietf-marid-core-02.txt. 

Regards, 
Daryl Odnert 
Tumbleweed Communications 
Redwood City, California