[ietf-dkim] Review of DKIM Sender Signing Practices (draft-ietf-dkim-ssp-01)

John L johnl at iecc.com
Tue Dec 4 10:47:44 PST 2007


>>>   There is a trivial mechanism that can cut down SSP lookups to almost
>>>   nothing: don't query domains from which you've never received a valid
>>>   DKIM signature.
>> 
>> My network gets tons of fake mail from HSBC UK and no real mail from
>> them since none of my North American users have an account there.  How
>> would I be able to tell that it should have been signed?
>
>  If nobody cares about HSBC UK, why should you?

Uh, because SSP is supposed to be able to help me tell that it's a phish?

I can't believe you're saying that I should just deliver phishes if I 
don't think anyone's likely to fall for them, but it's hard to assign a 
different meaning to your question.

As it happens, lots of people around here have HSBC US accounts, the two 
banks' branding is nearly identical, and it's not absurd to worry that if 
someone put HSBC US account info into the HSBC UK phish, the bad guys 
would be able to make use of it.

R's,
John
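The shortcut quoted at the top of this message (skip the SSP query for domains you have never seen a valid signature from) and John's objection to it, as an added example that is not part of the thread: a small simulation of two receivers over a constructed message stream. The record table, the policy value "all" and the domain names are assumptions for illustration, not taken from the draft.

```python
from dataclasses import dataclass, field

# Constructed sample SSP data: "all" is assumed to mean every message
# from the domain is signed; a missing entry means no published policy.
SSP_RECORDS = {"hsbc.co.uk": "all", "example.com": "all"}


@dataclass
class Message:
    from_domain: str
    valid_dkim_signature: bool  # True when a signature from from_domain verified


@dataclass
class Receiver:
    gate_on_history: bool          # apply the "never seen a valid signature" shortcut
    seen_valid: set = field(default_factory=set)
    ssp_lookups: int = 0

    def handle(self, msg):
        """Classify one message; record SSP lookups so the cost can be compared."""
        if msg.valid_dkim_signature:
            self.seen_valid.add(msg.from_domain)
            return "signed"
        if self.gate_on_history and msg.from_domain not in self.seen_valid:
            # The shortcut: no history, so no SSP query and no verdict.
            return "unsigned-unchecked"
        self.ssp_lookups += 1
        if SSP_RECORDS.get(msg.from_domain) == "all":
            return "suspect"          # policy says it should have been signed
        return "unsigned-nopolicy"


# Constructed stream: only fake, unsigned HSBC UK mail ever arrives here,
# plus one genuine signed example.com message followed by an unsigned one.
STREAM = [
    Message("hsbc.co.uk", False),
    Message("hsbc.co.uk", False),
    Message("example.com", True),
    Message("example.com", False),
]


def simulate(gate_on_history):
    """Return (verdicts, lookup count) for one receiver configuration."""
    rx = Receiver(gate_on_history=gate_on_history)
    return [rx.handle(m) for m in STREAM], rx.ssp_lookups
```

With the gate on, the HSBC UK fakes never trigger a lookup and are never marked suspect; with it off, both are flagged at the cost of two extra queries.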

