Steve Atkins wrote: > The "brand" cannot be protected solely via ADSP, at all, not in any manner. > > By that I mean that it's possible to protect the byte sequence paypal.com to > some limited degree, but that that is operationally meaningless without any > way to distinguish between "paypal.com" and "paypa1.com", or between > "citibank.com" and "citibankonline.com",
If anything, Steve is being generous, because it's actually muss worse than that... The name variants are one line of attack, with respect to the From: field address - which is what's being discussed here. But then there are all the attacks on the From: field visible name -- which is all most recipients ever see -- the Subject line attacks and the Body attacks. None of these is even touched by an ADSP approach. When someone asserts that a mechanism offers protection, they are obligated to account for the cases that are /not/ covered. If they are diligent, they will then assess the relative costs and benefits of this protection proportion, versus the unprotected proportion. d/ -- Dave Crocker Brandenburg InternetWorking bbiw.net _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
