On Wed, 18 Aug 2004 [EMAIL PROTECTED] wrote:
> But wouldn't this require access to an account on the domain you are going
> to claim the email is from?
Yes, but it's easy enough to get a throwaway Yahoo account.
> If I want a message signed by Citibank, I would need access to send a
> message from their server. I don't have that and I'll bet most
> spammers/phishers don't either.
That's true. So as an anti-phishing measure, DomainKeys might have
some merit. That is, until phishers register domains like
"citi-bank.com" (oops, someone already has!) or "citionline.com"
(oops, that one's gone too!) that will certainly be enough to fool a
lot of people.
The other thing I've seen is a From: line like this:
From: "[EMAIL PROTECTED]" <[EMAIL PROTECTED]>
Guess what most e-mail clients show in the "From" column? Guess which
address DomainKeys will check?
Regards,
David.
_______________________________________________
Visit http://www.mimedefang.org and http://www.canit.ca
MIMEDefang mailing list
[EMAIL PROTECTED]
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
