[ietf-dkim] Collection of use cases for SSP requirements

[Steve Atkins]

On Nov 11, 2006, at 11:31 AM, <Bill.Oxley at cox.com> wrote:

> The FDIC certifies a bank and authorizes them to use a logo, won't the
> phishers immediately certify their mail with that logo?

Yes. But that logo will be in the body of the message, not in the
MUA where it would be for a real bank messge.

Think web browser-ssl-padlock or web browser coloured address
bar, rather than an attached gif.

Cheers,
   Steve

> Thanks,
>
> Bill Oxley
> Messaging Engineer
> Cox Communications, Inc.
> Alpharetta GA
> 404-847-6397
> bill.oxley at cox.com
>
> -----Original Message-----
> From: ietf-dkim-bounces at dkim.org [mailto:ietf-dkim- 
> bounces at dkim.org] On
> Behalf Of John Levine
> Sent: Saturday, November 11, 2006 1:35 PM
> To: ietf-dkim at mipassoc.org
> Subject: Re: [ietf-dkim] Collection of use cases for SSP requirements
>
>>>> But how do you tell, automatically, that a message is from a  
>>>> "bank",
>
>>>> and therefore ought to be ignored if it is not whitelisted?
>
> Your computer doesn't tell automatically, you tell by looking at it.
> This is a task that humans do much better than computers do.  As I
> said:
>
>  On the other hand, if we encourage whitelists of real banks, the
>  user's model is like this:
>
>  1) Incoming message appears to be from a bank.
>
>  2) Does the MUA show the golden dollar sign that means it's from a
>  real bank?
>
>  3) Done.
>
> As I hope is obvious here, I'm assuming that existing organizations
> that know who the real banks are, such as the FSA in the UK and the
> FDIC in the US will certify their members and somehow associate a logo
> with the certification.  That's technically trivial.
>
> R's,
> John
>
> _______________________________________________
> NOTE WELL: This list operates according to
> http://mipassoc.org/dkim/ietf-list-rules.html
>
> _______________________________________________
> NOTE WELL: This list operates according to
> http://mipassoc.org/dkim/ietf-list-rules.html