[ietf-dkim] protecting domains that don't exist
Dave Crocker
dhc at dcrocker.net
Mon Apr 28 08:18:36 PDT 2008
Al,
Al Iverson wrote:
> My
> concern is that if I can't restrict or cause failures automatically
> outside of a specific subdomain or host, it does me little good to
> sign on signed.spamresource.com when a phisher can fake
> signed2.spamresource.com and not automatically be failed by checking
> sites.
I believe there is no disagreement about whether the capability would be nice.
This is all about the technical feasibility, given real-world DNS constraints.
So let's take your underlying assumption: What, exactly, is the scenario that
uses a faked domain name and is effective?
We are probably going to find different assumptions about how things are
processed.
What do you believe happens after they slip past this ADSP filter, that makes
this fake use damaging?
d/
--
Dave Crocker
Brandenburg InternetWorking
bbiw.net
More information about the ietf-dkim
mailing list