[ietf-dkim] Collection of use cases for SSP requirements
Charles Lindsey
chl at clerew.man.ac.uk
Thu Nov 9 04:33:49 PST 2006
On Wed, 08 Nov 2006 16:43:58 -0000, Steve Atkins <steve at blighty.com> wrote:
> On Nov 8, 2006, at 8:10 AM, Scott Kitterman wrote:
>>
>> I agree that this does not help with look-alike domains, but for
>> phishing that uses a sender's domain, I'm not sure what you are
>> getting at?
>
> You point out the underlying issue nicely.
Well, at least it is a start to force the phishers into using look-alikes.
>
> Phishing doesn't have to use the real domain. There are *countless*
> ways of phishing that don't require it. Even now, a lot of phish mails
> don't bother using the real domain, even though there's no real
> disincentive to do so in most cases. If there were even a minor
> disincentive then they could move away from that today with
> minimal inconvenience.
>
> Many of them use their own domains, for which they could trivially
> publish SSP data.
Which is where we need sites on which "reputations" can be queried. I
envisage these will operate rather like the present DNSBL blacklists. You
choose such a site that you trust, and then ask its advice on the action
you should take according to the signer, From address, etc. I would
suppose that phishers' own domains would rapidly acquire a rather poor
reputation (and the advice should be to "delete all mail where the
signature succeeds, and even where it doesn't").
--
Charles H. Lindsey ---------At Home, doing my own thing------------------------
Tel: +44 161 436 6131
Web: http://www.cs.man.ac.uk/~chl
Email: chl at clerew.man.ac.uk Snail: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K.
PGP: 2C15F1A9 Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5
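The DNSBL-style reputation query Charles describes, sketched as an added example; this is not code from the original post and does not model any real reputation service. It assumes a hypothetical zone rep.example that answers for <domain>.rep.example the way DNSBLs do (no answer means not listed, an A record in 127.0.0.0/8 means listed, with the last octet carrying the advice code), and it assumes the code values and the zone contents shown, which are constructed so the example runs offline. Both the d= signer and the From domain are looked up, so a phisher who signs with a domain of its own while spoofing a bank's From: is caught by the signer's listing.

```python
"""DNSBL-style reputation lookup keyed on DKIM signer and From domain.

Added illustration, not code from the original post or from any real
reputation service. Assumptions: a hypothetical zone 'rep.example' answers
queries for <domain>.rep.example the way DNSBLs do (no answer = not listed,
an A record in 127.0.0.0/8 = listed, last octet = advice code); the live
resolver is replaced by a constructed in-memory zone so the example runs
offline.
"""
import re
from dataclasses import dataclass
from typing import Callable, List, Optional

REP_ZONE = "rep.example"  # hypothetical reputation zone chosen by the receiver

# Assumed answer codes, modelled on the 127.0.0.x convention DNSBLs use.
CODE_REJECT_ALWAYS = "127.0.0.2"    # drop even when the signature verifies
CODE_REJECT_UNSIGNED = "127.0.0.3"  # drop unless a valid signature is present
CODE_TRUSTED = "127.0.0.10"         # known-good domain

# Constructed zone data standing in for DNS answers (not real listings).
CONSTRUCTED_ZONE = {
    "phisher-owned.example.rep.example": [CODE_REJECT_ALWAYS],
    "bigbank.example.rep.example": [CODE_TRUSTED],
    "newsletter.example.rep.example": [CODE_REJECT_UNSIGNED],
}

_LABEL = r"(?!-)[a-z0-9-]{1,63}(?<!-)"
_DOMAIN_RE = re.compile(rf"^{_LABEL}(\.{_LABEL})+$")


def lookup_a(name: str) -> List[str]:
    """Stand-in resolver: A records for name, or [] for NXDOMAIN."""
    return CONSTRUCTED_ZONE.get(name.lower().rstrip("."), [])


@dataclass
class DkimResult:
    from_domain: str              # domain part of the From: address
    signer_domain: Optional[str]  # d= tag of the DKIM-Signature, None if unsigned
    verified: bool                # did the signature verify?


def _norm(domain: str) -> str:
    return domain.strip().lower().rstrip(".")


def query_name(domain: str) -> str:
    """Build <domain>.<zone>, refusing anything that is not a clean hostname.

    Domain-based lists use the name as-is; IP-based lists would reverse octets.
    """
    d = _norm(domain)
    if not _DOMAIN_RE.match(d):
        raise ValueError(f"refusing to query malformed domain: {domain!r}")
    return f"{d}.{REP_ZONE}"


def reputation_advice(result: DkimResult,
                      resolve: Callable[[str], List[str]] = lookup_a) -> str:
    """Return 'delete', 'accept', 'suspicious' or 'neutral' for one message."""
    signer = _norm(result.signer_domain) if result.signer_domain else None
    sender = _norm(result.from_domain)
    domains = [d for d in (signer, sender) if d]
    # One lookup per distinct domain; remember which domain each code came from.
    listings = {d: set(resolve(query_name(d))) for d in dict.fromkeys(domains)}
    all_codes = set().union(*listings.values()) if listings else set()
    signer_ok = result.verified and signer is not None

    if CODE_REJECT_ALWAYS in all_codes:
        return "delete"  # a listed phisher domain: signature status is irrelevant
    if signer_ok and CODE_TRUSTED in listings.get(signer, set()):
        return "accept"  # carries a verified signature from a trusted domain
    if CODE_TRUSTED in listings.get(sender, set()):
        return "suspicious"  # claims a trusted From: without that domain's valid signature
    if CODE_REJECT_UNSIGNED in all_codes:
        return "accept" if signer_ok else "delete"
    return "neutral"  # nothing listed: fall back to other filtering
```

The malformed-domain check in query_name matters in practice: the d= tag is attacker-controlled input, so it is validated before being spliced into a DNS name rather than trusted to be a hostname.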