ietf-mxcomp

RE: How would SPF or Sender Id caught this one?

2004-07-30 17:58:54
What keeps a spoofer from sending the non-S/MIME message and it still
reaching the end user?
 
Bill McInnis
MessageLevel.com
 
-----Original Message-----
From: Daryl Odnert [mailto:daryl(_dot_)odnert(_at_)tumbleweed(_dot_)com] 
Sent: Friday, July 30, 2004 8:11 PM
To: Bill Mcinnis; IETF MARID WG
Subject: RE: How would SPF or Sender Id caught this one?


Well, I think the idea is that SPF and/or Sender ID significantly raise
the bar in terms of how difficult it is to spoof a sender's identity.
Today, just about anyone can send a spoofed message by changing some
settings in their email client application.  If tomorrow, it becomes
necessary to spoof a TCP session to do the same thing, I think that's
significant progress.
 
If you really want to trust that the contents of an email message were
authored by the person who claims to be the author, you need to use a
digital signature based authentication mechanism (e.g. S/MIME).  Many
financial institutions and online retailers are considering that option
together with other authentication and anti-spam/anti-phishing
strategies.
 
Daryl Odnert
Tumbleweed Communications
Redwood City, California
 
-----Original Message-----
From: Bill McInnis [mailto:bill(_dot_)mcinnis(_at_)messagelevel(_dot_)com]
Sent: Friday, July 30, 2004 4:50 PM
To: 'Daryl Odnert'; IETF MARID WG
Subject: RE: How would SPF or Sender Id caught this one?



Thanks for the reply,
 
I read that and that was my understanding as well.  So does this make it
a solution that works fine for mailing lists, but not for financial
institutions, online retailers, and pretty much anyone transacting
dollars online?  
 
The example was not made up.  We are seeing that scenario more and more
where I am sitting.    
 
 
Bill McInnis
MessageLevel.com
 
 -----Original Message-----
From: Daryl Odnert [mailto:daryl(_dot_)odnert(_at_)tumbleweed(_dot_)com] 
Sent: Friday, July 30, 2004 7:44 PM
To: Bill Mcinnis; IETF MARID WG
Subject: RE: How would SPF or Sender Id caught this one?



How would SPF or Sender ID have managed to catch that attack? 

I think the answer is: they cannot.  If the phisher successfully
spoofed an SMTP over TCP session, there is nothing that SPF
or Sender ID can do about that.

You might want to look at section 6.2 of draft-ietf-marid-core-02.txt. 

Regards, 
Daryl Odnert 
Tumbleweed Communications 
Redwood City, California