[ietf-dkim] SSP = FAILURE DETECTION

Douglas Otis dotis at mail-abuse.org
Mon Sep 11 11:47:41 PDT 2006


On Sep 11, 2006, at 11:13 AM, Damon wrote:

> There are only so many look-alike domains compared to as it is now,  
> being able to come from anywhere. If we were able to just focus on  
> look-alikes (as an admin) it would make things a lot simpler.

John Levine offered a fairly representative sample of what a phish  
domain looks like.

http://mipassoc.org/pipermail/ietf-dkim/2006q3/005884.html

These attempts are slippery where a recipient is truly unable to know  
what is real by careful examination of the domain name.  This also  
enters into the era where the browsers and clients default with  
translated punycode found in ACE labels.

If you are using Firefox, check the setting at about:config URL for  
network.IDN_show_punycode.  When this is set to the default false,  
the browser displays a translation rather than punycode.  Showing  
either offers limited protection from all forms of look-alike  
attack.  Internet naming is not limited to just ASCII.

There aren't only so many look-alikes.  The list of look-alikes is  
virtually unlimited.  Protection requires a list of trusted domains  
be retained for comparison.  There is no need for SSP to indicate  
that all messages are signed for this comprehensive protection  
through comparison to be available to the recipient.

-Doug
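
Added example, not part of the original message: a sketch of the comparison described above, where a domain is normalized to its ACE form and matched exactly against a retained list of trusted domains, reporting both the punycode and the translated display form. The TRUSTED set, the function names and the sample domains are constructed for illustration; the conversion uses Python's built-in IDNA 2003 codec.

```python
# Added example: exact comparison of a domain against a retained trusted list.
# TRUSTED and the sample domains below are constructed for illustration.

TRUSTED = {"example.com", "xn--bcher-kva.example"}  # stored in ACE form


def to_ace(domain: str) -> str:
    """Return the lowercase ACE (punycode) form via Python's IDNA 2003 codec."""
    return domain.rstrip(".").encode("idna").decode("ascii").lower()


def to_display(ace: str) -> str:
    """Return the translated form a client shows when IDN_show_punycode is false."""
    return ace.encode("ascii").decode("idna")


def check(domain: str) -> dict:
    """Compare one domain against TRUSTED; anything unparseable is untrusted."""
    try:
        ace = to_ace(domain)
        shown = to_display(ace)
    except UnicodeError:
        return {"ace": None, "display": None, "trusted": False}
    return {"ace": ace, "display": shown, "trusted": ace in TRUSTED}


if __name__ == "__main__":
    samples = [
        "Example.COM",          # trusted, different case
        "ex\u0430mple.com",     # U+0430 CYRILLIC SMALL LETTER A replaces Latin "a"
        "b\u00fccher.example",  # trusted IDN given in Unicode form
        "example-secure.com",   # plain ASCII, not on the list
    ]
    for s in samples:
        print(check(s))
```

The second sample renders like a trusted name in its translated form, and its ACE form gives a reader nothing recognizable either; only the exact match against the retained list separates it from the real domain.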



