[ietf-dkim] Collection of use cases for SSP requirements

Bill.Oxley at cox.com
Sat Nov 11 11:31:00 PST 2006


The FDIC certifies a bank and authorizes them to use a logo; won't the
phishers immediately certify their mail with that logo?
Thanks,

Bill Oxley 
Messaging Engineer 
Cox Communications, Inc. 
Alpharetta GA 
404-847-6397 
bill.oxley at cox.com 

-----Original Message-----
From: ietf-dkim-bounces at dkim.org [mailto:ietf-dkim-bounces at dkim.org] On
Behalf Of John Levine
Sent: Saturday, November 11, 2006 1:35 PM
To: ietf-dkim at mipassoc.org
Subject: Re: [ietf-dkim] Collection of use cases for SSP requirements

>>> But how do you tell, automatically, that a message is from a "bank",
>>> and therefore ought to be ignored if it is not whitelisted?

Your computer doesn't tell automatically, you tell by looking at it.
This is a task that humans do much better than computers do.  As I
said:

 On the other hand, if we encourage whitelists of real banks, the
 user's model is like this:

 1) Incoming message appears to be from a bank.

 2) Does the MUA show the golden dollar sign that means it's from a
 real bank?

 3) Done.

As I hope is obvious here, I'm assuming that existing organizations
that know who the real banks are, such as the FSA in the UK and the
FDIC in the US, will certify their members and somehow associate a logo
with the certification.  That's technically trivial.

R's,
John

_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html