Interesting People mailing list archives
Clueless about phishing
From: David Farber <dave () farber net>
Date: Thu, 23 Dec 2004 19:37:29 -0500
------ Forwarded Message From: Bob Frankston <rmfxixB0406 () bobf frankston com> Date: Thu, 23 Dec 2004 17:27:27 -0500 To: Dave Farber <dave () farber net> Subject: Clueless about phishing I just got another suspicious letter not very it does seem legit but why does Verizon assume that I will trust jangomail.com? I¹m wary about email messages these days that have a phishing risk. For safety I try to figure out if the message is, at least, from the claimed source. I would expect corporations such as eBay and Verizon to share my concern. My mail handler does simple reality checks on incoming mail. URL¹s with %¹s are suspicious though they are sometimes legitimate and I want to make sure that the mail comes from the claimed source. To do that I rely on the site name and reverse DNS lookup. For normal email this overly harsh and should not be a blanket policy. It is also far from perfect. But for phishable sites I expect them to give me some reason to treat their message as authentic. eBay fails reverse DNS lookup its DNS names are bound to internal 10.x addresses. And Verizon sent me that promotional message from Jangomail.com. I can understand using a third party mailer but it should be from jangomail.verizon.com not jangomail.com. Making the DNS more critical is not a solution we need third party vouching services rather than hardening a single centralized system. Trust is a social decision not a technical issue. It cannot be solved by appealing to the God Procrustes. Cryptographic vouching is just a mechanism and part of a large scale approach I¹m working on. In the meantime, the DNS is what we have and those who want our trust must understand how to use it. ------ End of Forwarded Message ------------------------------------- You are subscribed as interesting-people () lists elistx com To manage your subscription, go to http://v2.listbox.com/member/?listname=ip Archives at: http://www.interesting-people.org/archives/interesting-people/
Current thread:
- Clueless about phishing David Farber (Dec 23)