spf-discuss

Re: A hole in planned phishing-prevention?

2004-06-04 10:57:32
Andy Bakun <spf(_at_)leave-it-to-grace(_dot_)com> writes:

> Yeah! customerservice(_at_)bigbank-phisher(_dot_)com sent me an email and 
> bigbank-phisher.com says that it's actually an email from 
> bigbank-phisher.com!  Never mind the fact that bigbank-phisher.com is NOT
> bigbank.com.

No, the problem is that you can give SPF-correct information in the SMTP
envelope, set one or two non-displayed headers (Sender, Resent-From,
etc.) to be correct, but then set From: to be bigbank.com.  Since From:
is not checked under the SPF/Caller-ID merge and since not all MUAs
display From:, then it seems to be from bigbank.

Sure, you can compare headers, or rely on improved MUAs, but most people
still think the "From:" is the person who sent it and they're going to
believe it even more after all the hoopla we're hoping to generate.

Daniel 

-- 
Daniel Quinlan
http://www.pathname.com/~quinlan/
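The gap Daniel describes is one of identifier alignment: the identities that get verified (the SMTP envelope MAIL FROM, and the Sender/Resent-* header the Caller-ID side selects) are not the identity the user sees in From:. The following Python is an added example, not code from this thread or from the SPF project; it assumes the header precedence used to pick the "purported responsible address" in the Sender ID drafts (Resent-Sender, Resent-From, Sender, then From, which the post only hints at with "Sender, Resent-From, etc."), and the message samples and domain names are constructed to mirror the scenario above. It performs no DNS or SPF lookup; it takes the envelope sender as given and asks the question the merged check skips, namely whether the From: domain agrees with the domains that were actually checked.

```python
from email import message_from_string
from email.utils import parseaddr

# Header precedence for the Purported Responsible Address (PRA).
# Assumption: this is the order the Caller-ID/Sender ID side of the merge
# consults; the post itself only names Sender and Resent-From.
PRA_ORDER = ("Resent-Sender", "Resent-From", "Sender", "From")


def domain_of(address):
    """Return the lower-cased domain part of an address header value."""
    _, addr = parseaddr(address or "")
    return addr.rpartition("@")[2].lower()


def purported_responsible_address(msg):
    """Pick the header a PRA check would use; return (header name, address)."""
    for header in PRA_ORDER:
        value = msg.get(header)
        if value:
            return header, parseaddr(value)[1]
    return None, ""


def alignment_report(raw_message, envelope_mail_from):
    """Compare the From: domain the user sees with the two identities an
    SPF/PRA check actually verifies: the envelope MAIL FROM and the PRA.

    No SPF/DNS evaluation happens here; the function assumes those checks
    already passed on the envelope and PRA and only tests alignment."""
    msg = message_from_string(raw_message)
    pra_header, pra_addr = purported_responsible_address(msg)
    report = {
        "envelope_domain": domain_of(envelope_mail_from),
        "pra_header": pra_header,
        "pra_domain": pra_addr.rpartition("@")[2].lower(),
        "from_domain": domain_of(msg.get("From")),
    }
    report["from_aligned_with_pra"] = report["from_domain"] == report["pra_domain"]
    report["from_aligned_with_envelope"] = (
        report["from_domain"] == report["envelope_domain"]
    )
    return report


# Constructed sample reproducing the scenario in the post: the envelope and
# the non-displayed Sender: header belong to bigbank-phisher.com (so they
# can pass SPF), while the displayed From: claims bigbank.com.
PHISH_ENVELOPE_FROM = "customerservice@bigbank-phisher.com"
PHISH_MESSAGE = """\
From: BigBank Customer Service <customerservice@bigbank.com>
Sender: customerservice@bigbank-phisher.com
To: victim@example.net
Subject: Please verify your account

Please log in at the link below.
"""

# Constructed legitimate sample: every identity agrees, so PRA falls
# through to From: and all domains line up.
LEGIT_ENVELOPE_FROM = "customerservice@bigbank.com"
LEGIT_MESSAGE = """\
From: BigBank Customer Service <customerservice@bigbank.com>
To: victim@example.net
Subject: Your monthly statement

Your statement is attached.
"""

if __name__ == "__main__":
    for label, raw, env in (("phish", PHISH_MESSAGE, PHISH_ENVELOPE_FROM),
                            ("legit", LEGIT_MESSAGE, LEGIT_ENVELOPE_FROM)):
        print(label, alignment_report(raw, env))
```

For the constructed phishing sample the PRA resolves to the Sender: header and bigbank-phisher.com, so an SPF/PRA check can pass, yet `from_aligned_with_pra` and `from_aligned_with_envelope` both come back False; that mismatch is the signal a receiving MTA or MUA would need to surface, and it is the same alignment requirement that DMARC later made explicit between the From: domain and the SPF- or DKIM-authenticated domain.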