Thomas A. Fine:
> Wietse Venema wrote:
> >Thomas A. Fine:
> >> Wietse Venema wrote:
> >> >Criminals switch strategy, and use look-alike domains to make their
> >> >mail look even more authentic than it does today.
> >> >
> >> >If this is how SSP stops phishing mail, we have achieved nothing.
> >>
> >> I can NOT stop burglaries, but I still have locks on my doors. But
> >> SSP is BETTER than a lock:
> >
> >If you knew my work then you would know better than to picture me
> >as an "it's not perfect therefore it's worthless" zealot.
> >
> >DKIM-base can help to give good sites an edge over look-alike
> >domains (with a trusted signing domain list, possibly maintained
> >like an ssh trusted fingerprint list).
> >
> >I see no such advantage with SSP.
>
> With only DKIM-base, an MDA will present unsigned, forged mail from
> bigbank.com to the end user, and it will hope that the user notices
> BOTH that the message is not signed, AND that bigbank.com has in the
> past signed things. Users, being inherently unreliable, will sometimes
> get fooled.
>
> With DKIM/SSP, the MDA will prevent the mail from being delivered to
> the user. Users will never get fooled.
>
> See the advantage now?
What was the advantage of SSP with look-alike domains?
Wietse
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
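
The three cases argued over in this thread, modelled as an added example that is not part of any poster's message or of the DKIM or SSP drafts. The sets `SIGNS_ALL` and `TRUSTED_SIGNERS`, the result labels, and the sample messages (including the look-alike name `blgbank.com`) are constructed assumptions standing in for an SSP lookup and a locally kept trusted signing domain list.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass
class Message:
    from_domain: str                 # domain in the From: header
    valid_sig_domain: Optional[str]  # d= of a DKIM signature that verified, else None


# Assumption: domains whose published practice is "all mail is signed".
SIGNS_ALL = {"bigbank.com"}
# Assumption: receiver-maintained list of trusted signing domains.
TRUSTED_SIGNERS = {"bigbank.com"}

# Constructed sample messages, one per case discussed in the thread.
SAMPLES = {
    "legitimate": Message("bigbank.com", "bigbank.com"),
    "forged_unsigned": Message("bigbank.com", None),
    "look_alike": Message("blgbank.com", "blgbank.com"),
}


def dkim_base(msg: Message) -> str:
    """DKIM-base plus a trusted signer list: marks mail, never rejects it."""
    if msg.valid_sig_domain in TRUSTED_SIGNERS:
        return "deliver:trusted"
    return "deliver:unmarked"


def dkim_ssp(msg: Message) -> str:
    """SSP-style check: reject mail lacking the signature its From: domain promises."""
    if msg.from_domain in SIGNS_ALL and msg.valid_sig_domain != msg.from_domain:
        return "reject"
    return "deliver"


def evaluate() -> dict:
    """Return {case: (DKIM-base result, DKIM/SSP result)} for every sample."""
    return {name: (dkim_base(m), dkim_ssp(m)) for name, m in SAMPLES.items()}


if __name__ == "__main__":
    for name, (base, ssp) in evaluate().items():
        print(f"{name:16} base={base:17} ssp={ssp}")
```

The forged unsigned message is the only one the SSP-style check rejects, while the look-alike message is delivered by both and differs from the legitimate one only by the missing trusted mark.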