Perhaps your example would be a successful look-alike domain for use in phishing attacks, or perhaps not. The data I have from some ops processes around helping users recover accounts lost to phishing may indicate that there are only a few hundred look-alikes of a domain that actually work on any given target.
It would certainly be an interesting project to aggregate data from other domains whose users are under attack and get more accuracy rather than just a hypothesis. If it turns out that there are usually only a few hundred or even a few thousand look-alike permutations of a target domain that work in phishing attacks, then the current DMARC spec already provides a real way to mitigate the look-alike vector.

Josh

On Thu, Jun 5, 2014 at 8:24 PM, John Levine <jo...@taugh.com> wrote:
> > While there are many permutations of letters and symbols that can make a
> > domain, only a few will be close enough to be used for the purpose of
> > fooling someone into thinking it's another domain that they regularly interact
> > with. (E.g. someone isn't going to be fooled that t43397u.com looks like
> > twitter.com.)
>
> No, but they'll be fooled by wellsfargo.com.banker.email (available,
> grab it while you can.) There's also a variety of IDN tricks involving
> lookalike characters that aren't used much in the US but are popular
> elsewhere.
>
> R's,
> John
_______________________________________________
dmarc-discuss mailing list
dmarc-discuss@dmarc.org
http://www.dmarc.org/mailman/listinfo/dmarc-discuss

NOTE: Participating in this list means you agree to the DMARC Note Well terms (http://www.dmarc.org/note_well.html)
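The two vectors the thread contrasts, close typo/IDN permutations of the target domain itself versus hostnames like wellsfargo.com.banker.email that embed the brand in a subdomain of someone else's registrable domain, as an added example in Python. This is my illustration, not code from the list or from the DMARC spec; the homoglyph tables are constructed and deliberately small, and the rule that the last two labels form the registrable domain is an assumption (real code should consult the Public Suffix List).

```python
"""Look-alike domain generation and classification (added example).

Assumptions: the homoglyph tables below are a constructed subset, and
the registrable domain is taken to be the last two labels of a hostname
(a simplification; use the Public Suffix List in production).
"""
from typing import Dict, List, Optional, Set, Tuple

# Single-character ASCII confusables (constructed list).
ASCII_HOMOGLYPHS: Dict[str, List[str]] = {
    "o": ["0"], "l": ["1", "i"], "i": ["l", "1"], "e": ["3"], "a": ["4"],
}
# One letter that renders like two others (constructed list).
ASCII_MULTI: Dict[str, str] = {"m": "rn", "w": "vv", "d": "cl"}
# Cyrillic letters visually identical to Latin ones (constructed list).
CYRILLIC_HOMOGLYPHS: Dict[str, str] = {
    "a": "\u0430", "e": "\u0435", "o": "\u043e",
    "p": "\u0440", "c": "\u0441", "x": "\u0445",
}


def split_domain(domain: str) -> Tuple[str, str]:
    """Return (second-level label, suffix) for e.g. 'twitter.com'."""
    labels = domain.lower().rstrip(".").split(".")
    if len(labels) < 2:
        raise ValueError("expected at least two labels")
    return labels[0], ".".join(labels[1:])


def typo_permutations(domain: str) -> Set[str]:
    """Close ASCII look-alikes: omission, doubled letter, adjacent
    transposition and homoglyph substitution of the second-level label."""
    sld, suffix = split_domain(domain)
    out: Set[str] = set()
    n = len(sld)
    for i in range(n):
        if n > 2:                                   # omission
            out.add(sld[:i] + sld[i + 1:])
        out.add(sld[:i] + sld[i] + sld[i:])         # doubled letter
        if i + 1 < n and sld[i] != sld[i + 1]:      # transposition
            out.add(sld[:i] + sld[i + 1] + sld[i] + sld[i + 2:])
        for sub in ASCII_HOMOGLYPHS.get(sld[i], []):
            out.add(sld[:i] + sub + sld[i + 1:])
        if sld[i] in ASCII_MULTI:
            out.add(sld[:i] + ASCII_MULTI[sld[i]] + sld[i + 1:])
    out.discard(sld)
    return {f"{cand}.{suffix}" for cand in out}


def idn_permutations(domain: str) -> Set[str]:
    """One Cyrillic substitution per position, returned as the punycode
    A-label DNS actually sees (the IDN trick John mentions)."""
    sld, suffix = split_domain(domain)
    out: Set[str] = set()
    for i, ch in enumerate(sld):
        if ch in CYRILLIC_HOMOGLYPHS:
            ulabel = sld[:i] + CYRILLIC_HOMOGLYPHS[ch] + sld[i + 1:]
            alabel = ulabel.encode("idna").decode("ascii")
            out.add(f"{alabel}.{suffix}")
    return out


def brand_in_subdomain(hostname: str, brands: Set[str]) -> Optional[str]:
    """Return the brand label if `hostname` is registered under some other
    domain but carries a brand label in its subdomain part, e.g.
    wellsfargo.com.banker.email. Assumes last two labels are registrable."""
    labels = hostname.lower().rstrip(".").split(".")
    registrable = ".".join(labels[-2:])
    if registrable in brands:
        return None
    brand_labels = {split_domain(b)[0] for b in brands}
    for label in labels[:-2]:
        if label in brand_labels:
            return label
    return None


def classify(hostname: str, brand: str) -> str:
    """Bucket a hostname relative to one brand domain."""
    host = hostname.lower().rstrip(".")
    if host == brand or host.endswith("." + brand):
        return "legit"
    if host in typo_permutations(brand):
        return "typo"
    if host in idn_permutations(brand):
        return "idn"
    if brand_in_subdomain(host, {brand}):
        return "brand-subdomain"
    return "unrelated"


if __name__ == "__main__":
    for h in ("t43397u.com", "twtiter.com", "wellsfargo.com.banker.email"):
        print(h, "->", classify(h, h.split(".")[0] + ".com"))
```

The typo generator makes the "few hundred that work" argument concrete: the close set for a short brand is small enough to enumerate and watch, whereas the brand-subdomain check shows why that enumeration alone does not cover John's example, since banker.email is a perfectly ordinary registrable domain that no permutation of wellsfargo.com will ever produce.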