On Wed, 09 Apr 2008 19:27:27 +0100, Dave Crocker <[EMAIL PROTECTED]> wrote:
> Eric Allman wrote:
>> Dave, I'm not understanding how the algorithm can work if you omit step
>> 2 from section 4.2.2.
> The attack that you describe requires using some name other than the one
> that is
> listed. The single, specific name that is listed is, indeed,
> "protected".
Sure, if a phisher includes
From: [EMAIL PROTECTED]
then SSP/DKIM will catch him.
If the phisher includes
From: [EMAIL PROTECTED]
then we know that SSP/DKIM cannot catch him, and there is not much we can
do about that other than to advise phishees to read From headers _very_
carefully.
But if the phsher includes
From: [EMAIL PROTECTED]
where the domain mailout.ebay.com does not exist, then it needs to be
caught somehow, since the phishee will look at it _very_ carefully and
will find it perfectly reasonable (as indeed it is).
So if we cannot arrange that mailout.ebay.com is not caught by some
sub-domain mechanism within SSP, then we at leaast need to say, perhaps
non-normatively:
"Although it is impossible to obtain an SSP record for a non-existant
sub-domain of a protected domain, verifiers might well choose to to
reject/discard/whatever messages with non-existent domains in From headers
as a matter of policy quite separate from their policies arising from
SSP/DKIM."
--
Charles H. Lindsey ---------At Home, doing my own thing------------------------
Tel: +44 161 436 6131
Web: http://www.cs.man.ac.uk/~chl
Email:[EMAIL PROTECTED]: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K.
PGP: 2C15F1A9 Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
