[ietf-dkim] New Issue: 4.2 needs new Attack Item: Inconsistent Signature vs Policy Attacks
Dave Crocker
dhc at dcrocker.net
Tue Jan 31 09:48:33 PST 2006
Bill,

Bill.Oxley at cox.com wrote:
> The hacker does not need access to my zone, he just attaches a lookalike
> header yes "And to have *any* rule that allows bypass of defense
> based upon the receipt of a header from outside your control is
> extremely dangerous." But folks will do it anyway

By "lookalike" do you mean social engineering with a related name string, such
as citibank.com vs. c1t1bank.com, or do you mean something else?
If something else, please elaborate.

On the other hand, if you mean the name confusion thing, I would guess that that
is entirely out of the scope for this working group, since it really pertains to
reputation mechanisms, associations between domain names and brands, etc.
d/
--
Dave Crocker
Brandenburg InternetWorking
<http://bbiw.net>