On 2/27/2011 1:30 AM, Michael Deutschmann wrote: > There's one problem with DKIM as a phishing defense, which I have > mentioned in passing a few times here, but no one else seems to have > taken up discussion of. > > An e-mail From: usually has two parts. One is the email address itself. > The other part is the full name of the sender. Usually the address is > enclosed in angle brackets while the remainer of the header is the full > name, although there is an alternative form where the full name is in > parentheses and the address is bare.
You seem to begin with the belief that DKIM validates the email address in the From: field. It doesn't. In fact, DKIM is not a direct defense against phishing. It validates an identifier in a message; the identifer is independent of the From: field and all other identifiers in the message. The owner of the identifier might (or might not) have a positive reputation. But DKIM says nothing about the validity of any other information in that message. d/ ps. To the extent that a mechanism is claiming to validate the From: field, and to the extent that this is intended to extend to user-visible information, you are correct that the <display-name> string is of concern. The recently deceased Goodmail validated the display-name. -- Dave Crocker Brandenburg InternetWorking bbiw.net _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
