On Saturday 09 September 2006 19:16, Wietse Venema wrote:
> Hector Santos:
> > Just so you know, no one, at least not me, has said that SSP or DKIM-BASE
> > itself will protect against near-domain style spoofing A.K.A phishing.
>
> Actually, the discussion has demonstrated that SSP can't detect
> look-alike phishing, while DKIM-BASE can.

Not without getting beyond the scope of the WG charter.  DKIM-BASE certainly 
gives a more reliable name basis for name based reputation and accept/reject 
decisions.  It does not, however, provide a complete mechanism for doing so 
on its own.

Another question I would have is how a message from a sender on the trusted 
list that was received without a valid signature would be treated.  Without 
SSP to determine if the domain signs all mail, it would seem problematic to 
either accept or reject such messages.  It may be that DKIM-SSP would 
complement such efforts.
>
> This involves a list of trusted DKIM-BASE signing domains (*).
> Given this list, potential look-alike or exact-name phishing attempts
> stand out because their signing domain isn't in the trusted list.
>
Agreed, but this list is outside the scope of what I understand the WG was 
chartered to do.

> That list could be recipient maintained (a bit like the way SSH
> asks for permission when it encounters an unknown hostkey).  Or it
> could be maintained externally.
>
> I think that a list of trusted DKIM-BASE signing domains can go a
> long way towards the elimination of look-alike and exact-name
> forgeries.

Agreed, but that requires additional mechanism beyond what we are chartered to 
do.  I'd be interested to know if someone was working on an open solution to 
this part of the problem.

Scott K
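As an added illustration, not code from the thread or from any DKIM implementation, the two decision points debated above can be written out as a receiver-side policy check: a recipient-maintained trusted signer list (Wietse's point) and an SSP-style "signs all mail" lookup for the unsigned case (Scott's open question). The domains, the `Message` record, the policy table and the `evaluate` function are all assumptions made for this example.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Optional

class Verdict(Enum):
    ACCEPT = "accept"        # valid DKIM-BASE signature from a trusted signing domain
    SUSPECT = "suspect"      # valid signature, but the signer is not on the trusted list
    REJECT = "reject"        # trusted From: domain says it signs all mail, yet no valid signature
    UNDECIDED = "undecided"  # no signal the mechanism can act on (e.g. no SSP policy to consult)

@dataclass
class Message:
    from_domain: str            # domain part of the From: header
    dkim_domain: Optional[str]  # d= tag of the DKIM-Signature, None when unsigned
    signature_valid: bool       # outcome of DKIM-BASE verification

# Constructed sample data (assumed, not real): a recipient-maintained trusted signer
# list, and a stand-in for an SSP "this domain signs all of its mail" assertion.
TRUSTED_SIGNERS = {"example.com", "bank.example"}
SSP_SIGNS_ALL = {"bank.example": True, "example.com": False}

def evaluate(msg: Message, trusted=TRUSTED_SIGNERS, ssp=SSP_SIGNS_ALL) -> Verdict:
    """Combine a valid signer's identity with the trusted list and SSP policy."""
    if msg.signature_valid and msg.dkim_domain is not None:
        if msg.dkim_domain in trusted:
            # DKIM-BASE keys on the signing domain, not From:, so a trusted relay
            # signing someone else's mail is still accepted here.
            return Verdict.ACCEPT
        # Signature verifies, but the signer (a look-alike such as bank-example.net,
        # or an unrelated domain signing an exact-name forgery) is not trusted:
        # this is the case that "stands out" against the list.
        return Verdict.SUSPECT
    # No valid signature. Only meaningful when From: names a domain we expect to sign.
    if msg.from_domain in trusted:
        policy = ssp.get(msg.from_domain)
        if policy is None:
            return Verdict.UNDECIDED  # without SSP there is no way to tell
        return Verdict.REJECT if policy else Verdict.UNDECIDED
    return Verdict.UNDECIDED
```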
_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html