On Saturday 09 September 2006 14:10, Wietse Venema wrote:
> Scott Kitterman:
> > > Blindly believing DKIM-SSP gives a false sense of security, and
> > > provides criminals with even more convincing ways to rob people.
> > > I really recommend that you read my entire email message.
> >
> > If you had said that Blindly believing [positive indications from]
> > DKIM-SSP ... then I would agree 100%. I do not think that SSP can help
> > assert anything about the goodness of a message. I think its only
> > utility is in finding some that are definitely bad.
>
> Criminals switch strategy, and use look-alike domains to make their
> mail look even more authentic than it does today.
>
I agree they will switch strategies when one stops working. I also agree
that they will continue to evolve the content to make them look more
authentic than they do today.

It seems to me you may be saying that a look-alike domain can be made to
look more authentic than the actual domain. Is that right? If so, I'd
like to understand that.

> If this is how SSP stops phishing mail, we have achieved nothing.
>
I wouldn't call it nothing, but I guess that's a matter of opinion. I
don't know what else it could accomplish. I would call forcing phishers
to switch from exact domains to look-alikes progress.

Scott K
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html