There's one problem with DKIM as a phishing defense, which I have
mentioned in passing a few times here, but no one else seems to have
taken up discussion of.
An e-mail From: usually has two parts. One is the email address itself.
The other part is the full name of the sender. Usually the addres
On 2/27/2011 1:30 AM, Michael Deutschmann wrote:
> There's one problem with DKIM as a phishing defense, which I have
> mentioned in passing a few times here, but no one else seems to have
> taken up discussion of.
>
> An e-mail From: usually has two parts. One is the email address itself.
> The
>Hence, I could send a phish as:
>"From: PayPal "
Um, you must be new here. We've argued about this ad nauseam
over the years.
As Dave points out, DKIM does not "validate" anything other than that
the message you received is the same as the one the signer signed (for
a perhaps too complex versio
> Um, you must be new here. We've argued about this ad nauseam
> over the years.
We have, but I think this is an unnecessarily brusque way to point that out.
In any case, let me cut this line of discussion off by saying that any
consideration of the "display name" portion of any address field is
On 27 Feb 2011, John Levine wrote:
> Um, you must be new here. We've argued about this ad nauseam
> over the years.
I've been subscribed since Janurary 2008. Although my eyes may have
glazed over during some of the longer threads
There are two uses for a protocol similar to DKIM/ADSP.
#1:
> -Original Message-
> From: ietf-dkim-boun...@mipassoc.org [mailto:ietf-dkim-
> boun...@mipassoc.org] On Behalf Of Michael Deutschmann
> Sent: Tuesday, March 01, 2011 6:12 PM
> To: ietf-dkim@mipassoc.org
> Subject: Re: [ietf-dkim] Full name problem
>
> On 27 Feb
> There are two uses for a protocol similar to DKIM/ADSP.
>
> #1: it can be used as one of many general mailbox decluttering weapons,
> reducing the amount of "bad mail" of various sorts that the end recipient
> has to sort through with his own eyes.
>
> #2: it can be used to stop phishes from bein
On Tue, 1 Mar 2011, MH Michael Hammer wrote:
> The display name is problematic as Mr. Crocker has pointed out. One
> solution to this which I have suggested in the past is to not display
> the display name in the MUA if the email fails to authenticate.
That won't help. The attack mail will authen
Comments inline.
> -Original Message-
> From: ietf-dkim-boun...@mipassoc.org [mailto:ietf-dkim-
> boun...@mipassoc.org] On Behalf Of Michael Deutschmann
> Sent: Wednesday, March 02, 2011 3:20 AM
> To: ietf-dkim@mipassoc.org
> Subject: Re: [ietf-dkim] Full name problem
On Wed, 2 Mar 2011, MH Michael Hammer wrote:
> This relies on the user having the entries in the address book. As many
> marketers would tell you, easier said than done when it comes to
> corporate/organizational mail. I can't speak to mail from individuals.
The mail wouldn't be blocked -- it woul
I repeat:
Any consideration of the display-name field and any discussion of what
user interfaces might oughta do with them is out of scope for this
working group.
The chairs have no direct objection to having side discussions of
those topics on this list as long as they don't distract us from
deal
On Mar 2, 2011, at 3:19 AM, Michael Deutschmann wrote:
> On Tue, 1 Mar 2011, MH Michael Hammer wrote:
>> The display name is problematic as Mr. Crocker has pointed out. One
>> solution to this which I have suggested in the past is to not display
>> the display name in the MUA if the email fails t
12 matches
Mail list logo
