spf-discuss

Re: A hole in planned phishing-prevention?

2004-06-05 20:01:55
On Sat, 2004-06-05 at 19:31, Shevek wrote:
On Fri, 4 Jun 2004, Daniel Quinlan wrote:

Andy Bakun <spf(_at_)leave-it-to-grace(_dot_)com> writes:

Yeah! customerservice(_at_)bigbank-phisher(_dot_)com sent me an email and 
bigbank-phisher.com says that it's actually an email from 
bigbank-phisher.com!  Nevermind the fact that bigbank-phisher.com is NOT
bigbank.com.

No, the problem is that you can give SPF-correct information in the SMTP
envelope, set one or two non-displayed headers (Sender, Resent-From,
etc.) to be correct, but then set From: to be bigbank.com.  Since From:
is not checked under the SPF/Caller-ID merge and since not all MUAs
display From:, then it seems to be from bigbank.

Given that the purpose of SPF was to prevent joe jobs, why are we having 
this discussion?

It was a side issue, discussing that there is no silver bullet for
phishing, and you can't even get close to doing anything about phishing
if people are not actually paying attention to what their tools are
telling them and/or the tools are not telling them the correct
information.

When you have a hammer, everything looks like a nail.

In this case, we seem to have a nail, and SPF has a hammer costume on. But 
it isn't a hammer.

Heh.

I think we're all in agreement on this side issue. :)

-- 
Andy Bakun <spf(_at_)leave-it-to-grace(_dot_)com>
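The gap Daniel describes above (an SPF "pass" on the envelope sender while the displayed From: names a different domain) is detectable at the receiving end by comparing the identity SPF actually checked with the From: header. The script below is an added example, not code from this thread or from any SPF implementation: it reads the result and `envelope-from` out of an RFC 4408-style `Received-SPF:` header stamped by the receiving MTA, pulls the domain out of From: (and Sender:, for the record), and reports whether the two line up. The two sample messages, the `mx.example.net` receiver, the `192.0.2.x` client addresses and the bigbank/bigbank-phisher domains are all constructed for the example; no DNS is consulted.

```python
"""Alignment check between the SPF-checked envelope identity and the From:
header a mail client shows.  Added example for the spf-discuss thread, not
code from SPF itself; every message and host name below is constructed."""

import re
from email import message_from_string
from email.utils import parseaddr

# Received-SPF value: "<result> (optional comment) key=value; key=value; ..."
_RECEIVED_SPF = re.compile(r"^\s*(\w+)\s*(\(.*?\))?\s*(.*)$", re.S)


def address_domain(value):
    """Lower-cased domain of a single mailbox header value, or None."""
    if not value:
        return None
    _display, addr = parseaddr(value)
    if "@" not in addr:
        return None
    return addr.rsplit("@", 1)[1].lower()


def parse_received_spf(value):
    """Return (result, envelope_from_domain) from a Received-SPF header.

    Parses the layout the SPF draft/RFC 4408 describes; a missing header
    yields ('none', None)."""
    if not value:
        return "none", None
    m = _RECEIVED_SPF.match(value)
    result = m.group(1).lower()
    fields = {}
    for item in m.group(3).split(";"):
        if "=" in item:
            key, val = item.split("=", 1)
            fields[key.strip().lower()] = val.strip()
    return result, address_domain(fields.get("envelope-from"))


def evaluate(raw_message):
    """Compare the SPF-checked domain with the From: domain.

    Verdicts: 'spf-<result>' when SPF did not pass, 'pass-aligned' when the
    From: domain is the one SPF vouched for, 'pass-unaligned' otherwise."""
    msg = message_from_string(raw_message)
    spf_result, spf_domain = parse_received_spf(msg.get("Received-SPF"))
    from_domain = address_domain(msg.get("From"))
    sender_domain = address_domain(msg.get("Sender"))
    aligned = from_domain is not None and from_domain == spf_domain
    if spf_result != "pass":
        verdict = "spf-" + spf_result
    elif aligned:
        verdict = "pass-aligned"
    else:
        verdict = "pass-unaligned"
    return {
        "spf_result": spf_result,
        "spf_domain": spf_domain,
        "from_domain": from_domain,
        "sender_domain": sender_domain,
        "aligned": aligned,
        "verdict": verdict,
    }


# Constructed: envelope and Sender: belong to bigbank-phisher.com (so SPF
# passes), but the From: the recipient sees claims bigbank.com.
PHISH = """\
Received-SPF: pass (mx.example.net: domain of bounce@bigbank-phisher.com designates 192.0.2.10 as permitted sender) receiver=mx.example.net; client-ip=192.0.2.10; envelope-from=<bounce@bigbank-phisher.com>; helo=mail.bigbank-phisher.com
Return-Path: <bounce@bigbank-phisher.com>
Sender: customerservice@bigbank-phisher.com
From: "BigBank Customer Service" <customerservice@bigbank.com>
To: someone@example.net
Subject: constructed sample

(constructed body)
"""

# Constructed: every identity is bigbank.com, so SPF pass and From: agree.
LEGIT = """\
Received-SPF: pass (mx.example.net: domain of bounce@bigbank.com designates 192.0.2.20 as permitted sender) receiver=mx.example.net; client-ip=192.0.2.20; envelope-from=<bounce@bigbank.com>; helo=mail.bigbank.com
Return-Path: <bounce@bigbank.com>
From: "BigBank Customer Service" <customerservice@bigbank.com>
To: someone@example.net
Subject: constructed sample

(constructed body)
"""

if __name__ == "__main__":
    for label, raw in (("phish", PHISH), ("legit", LEGIT)):
        print(label, evaluate(raw))
```

The check is deliberately strict (exact domain match); a deployment that wants `mail.bigbank.com` to count for `bigbank.com` would compare organizational domains instead, which is a policy decision rather than something SPF answers.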