Hi EKR,

Regarding phishing:

> S 5.4.
(I think you mean S 5.3, but this equally applies to section 5.5, so...)
> It's pretty odd to talk about phishing without acknowledging that by
> far the largest anti-phishing platform (Safe Browsing) operates in the
> client, not be network interception

It's not odd at all.  Phishing and spam are intimately related, and one
can't look at Safe Browsing in a vacuum, because one must take into
account the content has already been filtered before it ever gets to the
browser.  Hint: it's a lot.  According to Talos, the average daily
volume of spam in January was 421 billion messages, of which some
fraction were phish(*).  While there are a number of techniques that do
NOT require access to the body of a message, such as honeypots, there
are others that do.  Just two examples out of many: URLs who themselves
have bad reputations, and  hash busters whose job it is to ruin the day
of a Bayesian filter.

Also, your use of the word "network interception" here is partially
misplaced.  The mail architecture itself relies on intermediaries, and
it is best practice to use them.  None of this addresses spear phishing,
which is very difficult to spot, but requires forensic analysis to clean
up after.  Again, the intermediaries in the architecture play a key role.

Eliot
(*) Different people count differently, but the number is always large.

Attachment: signature.asc
Description: OpenPGP digital signature

_______________________________________________
OPSAWG mailing list
OPSAWG@ietf.org
https://www.ietf.org/mailman/listinfo/opsawg

Reply via email to