Domain Keys “Adopted” by Phishers 11/30/2004 - 1,269 views, 1 Comment
|
Previous Article « IBM, Google, Oracle Among Those Worrying About Auction of Commerce One’s Web Services Patents
Read Next Article » Audio Interview: File Sharing? The Justice Department Says That They Want to Know Who You Are
Domain Keys is another flavour of email sender authentication, along with SPF and Microsoft Sender I.D., designed to help ensure that email which claims to be from Sender X is in fact from Sender X. Developed last year by Yahoo, and deployed last month, its primary purpose in life is to help prevent the forging of the return address in email. (The same holds true for SPF and Sender I.D.; in all three cases they are anti-forgery schemes. Now that you know that, whenever you hear someone bemoan that SPF or Sender I.D. or Domain Keys doesn’t stop spam, you can look smugly down your nose at them and inform them that they never were about stopping spam — they are about stopping forgery). However, surprise surprise, it turns out that phishers have started adopting Yahoo’s Domain Keys technology and using it in their phishy email. Why this is a surprise to anyone is beyond Aunty. It is not only exactly what happens with any email technology designed to help ensure the delivery of email, but it is exactly what you would expect to happen. The question is not whether scammers, spammers, and other nefarious Internet baddies adopt the technology. The question is whether they can adopt it successfully. By way of example, the company Habeas (disclaimer: Aunty has in the past been involved with Habeas) knew full well that spammers would attempt to use the Habeas system for assured email delivery to force delivery of their own spam. In fact, they counted on it, and had planned accordingly. So, rather than finding that the adoption of the Habeas technology facilitated the delivery of their spam to the inbox, the spammers found that the adoption of the Habeas technology facilitated the delivery of a lawsuit to their doorstep. So the simple fact that phishers have started using Domain Keys really means nothing, in and of itself. The question is, are they using it successfully? Or is it working exactly as its supposed to, with the Domain Key-laden phishmail not actually being authenticated and linked to the server which actually sent it? Remember, the owls are not what they seem. You can read more about this in eWeek.
|
|
Email the link for this page to a friend! |
Read more:
» AOL Offers Security Key, Adds Double Layer Log-in Authentication for Users
» Yahoo and Cisco Join Forces and Products to Develop DKIM (Domain Keys + Identified Internet Mail)
» New Viruses for AOL and Yahoo Instant Messengers for the Long Weekend
» Who are the Earliest Adopters of SPF? Survey says: Spammers!
For additional similar stories check out our archives on Phishing
Domain Keys ?Adopted? by Phishers
Domain Keys is another flavour of email sender authentication, along with SPF and Microsoft Sender I.D., designed to help ensure that email which claims to be from Sender X is in fact from Sender X. Developed last year by Yahoo,…
Trackback by Lockergnome's Net Patrol — 11/30/2004 @ 12:27 am