[ietf-dkim] Case for ADSP "dkim=except-mlist"
wietse at porcupine.org
Fri Oct 16 16:24:35 PDT 2009
> But guessing which list to forge is an SbO that the
> spammers have not pierced yet.... Impersonating any list other than those 6
> is futile -- it will bounce off my anti-Bcc filter.
It's called spear-phishing, which is a form of targeted attack that
occasionally makes headline news.
Speaking of unintended consequences, this kind of anti-BCC filter
is an example of how a well-intended security feature can actually
help opponents to make email look more authentic (because they know
what list headers to impersonate in order to pass the filter).
You can require that those six approved lists sign such mail. That
requirement makes the proposed DKIM feature even more redundant.
More information about the ietf-dkim