[ietf-dkim] SSP = FAILURE
Scott Kitterman
ietf-dkim at kitterman.com
Sat Sep 9 10:40:27 PDT 2006
On Saturday 09 September 2006 13:26, John Levine wrote:
> >The best way to help end-users avoid getting phished it to not accept
> >phishing messages for delivery. DKIM-SSP where strict policy
> >statements are published offer a mechanism for this.
>
> I get a message from security at ebay-verify.com. It has a valid
> signature. I check the SSP for ebay-verify.com, which says "MAJOR
> PHISHING TARGET, ACCEPT ONLY WITH SIGNATURE." So I drop it into the
> recipient's mailbox with a gold star on it.
>
> What have we just accomplished?
>
A bad thing. Don't put the gold star on it. That would be a mistake.
Scott K
More information about the ietf-dkim
mailing list