On Tue, Dec 6, 2011 at 1:30 PM, Mark Sapiro <m...@msapiro.net> wrote:

> On 12/5/2011 10:58 AM, Monica Chew wrote:
>
>> For context, I work at Google on Gmail spam, and one of the things we've
>> been doing as an anti-phishing measure is enforcing that mail from certain
>> highly-phished domains must be signed with the DKIM key of the purported
>> sender. We started this several years ago for just ebay and paypal (
>> http://gmailblog.blogspot.com/2008/07/fighting-phishing-with-ebay-and-paypal.html)
>> and for the last couple of years have been trying to do it for
>> google.com and a handful of other domains as well.
>>
>> A side effect of this has been that mailing-list mailing has been
>> particularly difficult to classify. We've mostly solved the problem for
>> groups that we host, but external mailing lists have been a continual
>> challenge. As a result, many Google employees who want to participate in
>> standards and open source communities have been unable to (see for example
>> http://lists.openid.net/pipermail/openid-general/2009-June/018364.html,
>> where both mail from Google and Facebook employees were not delivered to
>> openid gmail members) with their standard mailing address.
>
>
> It seems you could solve this particular problem by allowing gmail users
> an option (non-default) to receive such mail with a "phish" warning
> rather than not receiving it at all.

Ah, yes, the old trick of relying on users to correctly identify phish :) Unfortunately this rarely works well in practice. If the email looks good (e.g., the spammer just copies a legitimate message and replaces the login link with a phishing site) then most people typically don't notice that the URL is a phishing site. Some users even dig these out of their spam folder, even though the message has a big red banner at the top.

In any case, a non-default setting is not going to solve the problem of senders from highly-phished domains to communicate with gmail and yahoo users through mailman. How would the list members even know to change this setting?

Thanks,
Monica