In <[EMAIL PROTECTED]> "Edberg, Jeremy" <[EMAIL PROTECTED]> writes:
> Another related attack that I did not see mentioned in the threat
> analysis is what we call the "pretty from" attack. Most popular email
> clients display the arbitrary text in the From header as the display
> name, if there is one. For example, if the from header were 'From
> "[EMAIL PROTECTED]" <[EMAIL PROTECTED]>', the client would show
> "[EMAIL PROTECTED]" as the from address.

A variation on this is:

From: "[EMAIL PROTECTED]" <[EMAIL PROTECTED]>', " On Behalf of " <[EMAIL PROTECTED]>

DKIM (like SenderID) only validates the first email address on the From: line. The rest of the From: line can be used to help confuse the situation. Of course, the bad actor won't pick such an obvious name as "[EMAIL PROTECTED]".

Stopping phishing is a hard problem. I know of no email authentication system that I think can really do a very good job of even slowing it down. This is really something that MUAs will have to deal with, and any of the email authentication systems can be used to help out MUAs in this area.

-wayne

_______________________________________________
ietf-dkim mailing list
http://dkim.org
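
A receiving-side check for the two From: header shapes discussed in this message, as an added example that is not part of the original post. The function name `audit_from`, the finding labels and every address below are constructed for illustration.

```python
import re
from email.utils import getaddresses

# Loose pattern for text inside a display name that looks like an address.
ADDR_LIKE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")

def audit_from(header_value):
    """Return a list of findings for the value of one From: header."""
    findings = []
    # getaddresses() yields (display_name, addr_spec) pairs; drop empty
    # pairs, which newer Python versions return for input they reject.
    mailboxes = [(n, a) for n, a in getaddresses([header_value]) if n or a]
    if not mailboxes:
        return ["unparseable"]
    # More than one mailbox: a reader may see one identity while an
    # authentication check is tied to another.
    if len(mailboxes) > 1:
        findings.append("multiple-mailboxes")
    # "Pretty from": the display name shows an address that is not the
    # actual addr-spec. Compared case-insensitively for simplicity.
    for name, addr in mailboxes:
        for shown in ADDR_LIKE.findall(name):
            if shown.lower() != addr.lower():
                findings.append("display-name-mismatch:" + shown)
    return findings

# Constructed sample headers (not taken from the message above).
SAMPLES = [
    '"Alice Example" <alice@example.com>',
    '"security@bank.example" <mallory@attacker.example>',
    '"security@bank.example" <security@bank.example>, '
    '"On Behalf of" <mallory@attacker.example>',
]

if __name__ == "__main__":
    for value in SAMPLES:
        print(audit_from(value) or ["ok"], value)
```

An MUA or mail filter could use findings like these to decide to show the real addr-spec next to, or instead of, the display name.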
