[ietf-dkim] SSP = FAILURE DETECTION
dotis at mail-abuse.org
Tue Sep 12 11:09:33 PDT 2006
On Sep 12, 2006, at 10:49 AM, Arvel Hathcock wrote:
>> SSP has an advantage when we assume that criminals
>> are stupid enough to keep sending forged mail. It
>> has no advantage with look-alike attacks. Guess what
>> criminals will do.
> They will stop using real domains and start using other domains
> (assuming your logic plays out).
> This is PROGRESS. This is something positive (not negative).
> Today I received a half dozen paypal phishing mails. All had
> "<local-part>@paypal.com" in the FROM header. SSP can stop that.
> SSP can't solve everything but that's no reason not to let it
> address what it can solve.
Restrictive policy that blocks only a portion of spoofing attempts is
not progress, it is failure. This will not improve the opening rate
of valid messages or reduce the success of criminal activity. Only
annotations based upon retained email-address will prove successful,
not SSP-based blocking. SSP-based blocking breaks email for normal
uses; that is a step backwards.