
[mail-vet-discuss] Fwd: Re: Discussion of auth-header draft (fwd)

2008-10-13 06:56:46
On Fri, 10 Oct 2008 18:21:39 +0100, SM <sm(_at_)resistor(_dot_)net> wrote:

At 02:13 10-10-2008, Charles Lindsey wrote:
Which suggests a much simpler answer to the whole problem. The authserv-id
is chosen by the MTA. So you simply state that the authserv-id MUST NOT be
the domain name of the MTA as obtainable from the (any) MX record, or be
easily derivable from it. That is not to say it may not contain that
domain name, but it must also include some other "magic word" which could
not be guessed by the Bad Guys, but which could be hidden in the
documentation provided by that MTA to its end users.

The "Bad Guys" could easily find out the authserv-id as a person can
set up an account on the receiving domain to figure it out.

If the phisher is planning a phish of a million messages, addressed to
maybe 100,000 distinct domains, then he can hardly subscribe to 100,000
ISPs without getting noticed. Moreover, if he lets his botnet do the work,
then he has to get the information back from his botnet, which itself will
provide 100,000 fresh opportunities for the Good Guys to identify him.
Botnets only work so well because they require only one-way communication
from the bot herder once they have been set up.



-- 
Charles H. Lindsey ---------At Home, doing my own thing------------------------
Tel: +44 161 436 6131                       
   Web: http://www.cs.man.ac.uk/~chl
Email: chl(_at_)clerew(_dot_)man(_dot_)ac(_dot_)uk      Snail: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K.
PGP: 2C15F1A9      Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5
_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html 
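
An added example, not part of the original message or of the auth-header draft: a receiving client that accepts an Authentication-Results field only when its authserv-id exactly equals the privately documented value discussed above, so a forged field carrying just the MX host name is ignored. The host name, the "magic word" token and the sample message are constructed, and the field layout (authserv-id before the first ";") is assumed to be that of the later RFC 5451.

```python
from email import message_from_string

# Constructed values: an authserv-id made of the MX host name plus an
# unguessable token, as the provider would document it to its own users.
TRUSTED_ID = "mx.example.net.k7Qz3vT9"

# Constructed message. The top field was added by the receiving MTA; the
# lower one arrived with the message and uses only the guessable MX name.
SAMPLE = """\
Authentication-Results: mx.example.net.k7Qz3vT9; dkim=pass header.d=example.org
Received: from mail.example.org by mx.example.net; Mon, 13 Oct 2008 06:56:46 +0000
Authentication-Results: mx.example.net; dkim=pass header.d=bank.example
From: someone@example.org
Subject: constructed test message

body
"""

def authserv_id(value):
    """Return the authserv-id: the first token before the first ';'."""
    head = value.split(";", 1)[0].split()
    return head[0].lower() if head else ""

def trusted_results(raw, trusted_id):
    """Return the result part of every field whose authserv-id matches exactly.

    The comparison is a full-string match. A prefix or substring test on the
    domain would accept the forged field, because the trusted id is allowed
    to contain the MX host name.
    """
    msg = message_from_string(raw)
    kept = []
    for value in msg.get_all("Authentication-Results", []):
        if authserv_id(value) == trusted_id.lower():
            parts = value.split(";", 1)
            kept.append(parts[1].strip() if len(parts) == 2 else "")
    return kept

if __name__ == "__main__":
    for result in trusted_results(SAMPLE, TRUSTED_ID):
        print("trusted:", result)
```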
