Wietse Venema wrote: >Criminals switch strategy, and use look-alike domains to make their >mail look even more authentic than it does today. > >If this is how SSP stops phishing mail, we have achieved nothing.
I can NOT stop burglaries, but I still have locks on my doors. But SSP is BETTER than a lock: Currently, I can receive mail that looks exactly like it is from an organization that I do business with, and only through careful inspection can I determine that something might be amiss. With SSP, I can only receive mail that looks ALMOST like it is from one of my orgs. This is huge. This gives the user layer the ability to quickly, accurately, and precisely differentiate between fake and real messages. That's what SSP accomplishes. As far as what happens in the user layer, no specification can control that. We can certainly predict that a significant number of people will still fall for look-alike domains. But this is vastly different than people falling for the exact valid email address they were expecting. What are we here for if we aren't here to fix that? tom _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html