spf-discuss

Re: A hole in planned phishing-prevention?

2004-06-04 12:43:04
On Fri, 2004-06-04 at 12:57, Daniel Quinlan wrote:
> Andy Bakun <spf(_at_)leave-it-to-grace(_dot_)com> writes:
>
> > Yeah! customerservice(_at_)bigbank-phisher(_dot_)com sent me an email and
> > bigbank-phisher.com says that it's actually an email from
> > bigbank-phisher.com!  Never mind the fact that bigbank-phisher.com is NOT
> > bigbank.com.
>
> No, the problem is that you can give SPF-correct information in the SMTP
> envelope, set one or two non-displayed headers (Sender, Resent-From,
> etc.) to be correct, but then set From: to be bigbank.com.  Since From:
> is not checked under the SPF/Caller-ID merge and since not all MUAs
> display From:, it seems to be from bigbank.

Heh, we're arguing the same thing... I think we are both arguing that
none of this means anything at all if people are not aware of the way it
works (in such-and-such scheme, From isn't checked, but MAIL FROM is,
and Sender is (for example)) and that ...

> Sure, you can compare headers, or rely on improved MUAs, but most people
> still think the "From:" is the person who sent it and they're going to
> believe it even more after all the hoopla we're hoping to generate.

Exactly.  I think there is too much concentration on the hoopla --
people are going to think "these geeks are figuring it out, thank god,
because I don't want to have to think about it", but are not actually
going to change their habits and be more aware of phishing scams. 
Showing more headers is one way to aid them to make more informed
decisions, but it will still be a problem because the level of
gullibility is still the same.

-- 
Andy Bakun: nuclear, biological, chemical 
        <abakun(_at_)thwartedefforts(_dot_)org>
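The gap the thread describes (SPF vouches for the envelope MAIL FROM, or HELO for a null reverse path, while the MUA shows the unchecked From: header) can be made visible by comparing the SPF-checked domain with the domains a reader actually sees. The following is an added example, not code from the spf-discuss thread or from any SPF implementation; it assumes the SPF check itself has already been done and only answers "does what the user sees agree with what SPF verified?". The bigbank names come from the thread; the three messages and the envelope values are constructed for illustration. It goes one step beyond the post's case by also flagging an address smuggled into the display name, a trick that fools MUAs which show only the name.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr


def domain_of(addr: str) -> str:
    """Lower-cased domain of 'Name <user@host>' or 'user@host' ('' if none)."""
    _, spec = parseaddr(addr)
    if "@" not in spec:
        return ""
    return spec.rsplit("@", 1)[1].strip(".").lower()


def spf_identity(mail_from: str, helo: str) -> str:
    """Domain an SPF check actually evaluates: the MAIL FROM domain, or the
    HELO name when the reverse path is null (<>). Neither is the From: header."""
    if mail_from.strip() in ("", "<>"):
        return helo.strip(".").lower()
    return domain_of(mail_from)


def display_name_domain(header_value: str) -> str:
    """Domain of an address embedded in the display name, e.g.
    '"cs@bigbank.com" <cs@bigbank-phisher.com>' ('' if the name has none)."""
    name, _ = parseaddr(header_value)
    return domain_of(name) if "@" in name else ""


def check_alignment(raw_message: str, mail_from: str, helo: str) -> dict:
    """Compare the SPF-checked identity with what the recipient sees.

    An SPF pass only means spf_domain authorised the sending host. From: is
    not covered, so we report whether From: (address part and display name)
    and Sender: agree with spf_domain. Strict alignment: exactly one From:
    domain and it equals the SPF one; a subdomain policy is out of scope here.
    """
    msg = message_from_string(raw_message)
    spf_domain = spf_identity(mail_from, helo)
    from_headers = msg.get_all("From", [])
    from_domains = {domain_of(a) for _, a in getaddresses(from_headers)} - {""}
    name_domains = {display_name_domain(h) for h in from_headers} - {""}
    sender_domain = domain_of(msg.get("Sender", ""))
    return {
        "spf_domain": spf_domain,
        "from_domains": sorted(from_domains),
        "display_name_domains": sorted(name_domains),
        "sender_domain": sender_domain,
        "from_aligned": from_domains == {spf_domain},
        "sender_aligned": sender_domain == spf_domain,
        # Display name claims an address at a domain SPF never verified.
        "display_name_spoof": bool(name_domains - {spf_domain}),
    }


# Constructed sample messages (not real mail). PHISH is the thread's case:
# envelope and Sender: pass SPF for the phisher's domain, From: says bigbank.
PHISH = """From: Big Bank Customer Service <customerservice@bigbank.com>
Sender: customerservice@bigbank-phisher.com
To: victim@example.net
Subject: Please confirm your account

Click here.
"""

LEGIT = """From: Big Bank Customer Service <customerservice@bigbank.com>
To: victim@example.net
Subject: Your statement is ready

Log in at the usual place.
"""

NAME_TRICK = """From: "customerservice@bigbank.com" <cs@bigbank-phisher.com>
To: victim@example.net
Subject: Please confirm your account

Click here.
"""


def demo() -> list:
    """Run the three constructed cases; returns the result dicts."""
    return [
        check_alignment(PHISH, "<customerservice@bigbank-phisher.com>", "mail.bigbank-phisher.com"),
        check_alignment(LEGIT, "<bounces@bigbank.com>", "mx.bigbank.com"),
        check_alignment(NAME_TRICK, "<cs@bigbank-phisher.com>", "mail.bigbank-phisher.com"),
    ]


if __name__ == "__main__":
    for result in demo():
        print(result)
```

For PHISH the check returns from_aligned False with sender_aligned True, which is exactly the situation described above: every identity SPF or a Sender: check can see is consistent, and only the displayed From: disagrees. NAME_TRICK passes strict From: alignment (the angle-bracket address really is at the SPF domain) and is caught only by the display-name check, which is why a receiver that stops at "SPF pass" learns nothing about what the user will read.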