Hi EKR, Regarding phishing:
> S 5.4. (I think you mean S 5.3, but this equally applies to section 5.5, so...) > It's pretty odd to talk about phishing without acknowledging that by > far the largest anti-phishing platform (Safe Browsing) operates in the > client, not be network interception It's not odd at all. Phishing and spam are intimately related, and one can't look at Safe Browsing in a vacuum, because one must take into account the content has already been filtered before it ever gets to the browser. Hint: it's a lot. According to Talos, the average daily volume of spam in January was 421 billion messages, of which some fraction were phish(*). While there are a number of techniques that do NOT require access to the body of a message, such as honeypots, there are others that do. Just two examples out of many: URLs who themselves have bad reputations, and hash busters whose job it is to ruin the day of a Bayesian filter. Also, your use of the word "network interception" here is partially misplaced. The mail architecture itself relies on intermediaries, and it is best practice to use them. None of this addresses spear phishing, which is very difficult to spot, but requires forensic analysis to clean up after. Again, the intermediaries in the architecture play a key role. Eliot (*) Different people count differently, but the number is always large.
Description: OpenPGP digital signature
_______________________________________________ OPSAWG mailing list OPSAWG@ietf.org https://www.ietf.org/mailman/listinfo/opsawg