Scott Kitterman:
> On Saturday 09 September 2006 12:07, Dave Crocker wrote:
> > Wietse Venema wrote:
> > > Here is an example why first-party signatures can be dangerous.
...
> The best way to help end-users avoid getting phished is to not accept phishing
> messages for delivery. DKIM-SSP where strict policy statements are published
> offer a mechanism for this. From my perspective, the utility of DKIM as it
> relates to end-users is, I agree, quite uncertain.

This is exactly the trap that I was describing in the mail cited
above. Blindly believing DKIM-SSP gives a false sense of security,
and provides criminals with even more convincing ways to rob people.
I really recommend that you read my entire email message.

> > Therefore, to the extent that anyone touts a DKIM-based mechanism as
> > defeating phishing, we run the risk of undermining all of DKIM's
> > credibility, by setting expectations far too high.
> >
> Agreed. Is anyone doing this?

See my point above. We're already raising expectations too high,
by claiming that DKIM-SSP will block phishing mail. It will only
make phishing mail look more authentic.

Wietse
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html