[display-names] Initial Thoughts on Display Name Defenses
Dave Crocker
dhc at dcrocker.net
Wed Mar 27 12:27:01 PDT 2013

On 3/27/2013 12:22 PM, J. Trent Adams wrote:
>> The address book heuristic sounds promising, but will cause problems
>> for messages from known-but-compromised accounts, for example. This
>> just makes "compromised friends" an even more attractive attack vector.
>>
>> Another hack that occurs to me is to define a dmarc-ish enhancement
>> that says "our address will never show up in the display name". When
>> an email address is in the display name, do a dmarc-ish lookup on it
>> and check for this policy...
>
> Oooo... now that's clever! If it'd be possible to add a flag along
> these lines into the DMARC record we're not asking anyone to do an
> additional lookup, plus it's a sender-side directive vs a global edict.

Note that the first heuristic (don't display unless in address book) is
simply an MUA local hack. It doesn't involve a standard.

Mine, of course, would need standardization.

It's worth assuming that there will be some potentially large set of
such policies a domain owner might declare. So there's a challenge of
making the policy encoding mechanism sufficiently extensible. I don't
have any suggestions for that. The best I can note is that there can be
multiple TXT RRs under _dmarc and a single fetch could return them all.
Not an infinitely extensible mechanism, but perhaps sufficient...
d/
--
Dave Crocker
Brandenburg InternetWorking
bbiw.net
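
Added example (not part of the original message, and not part of any DMARC specification): a sketch of the check proposed above, where an address found in the display name triggers one TXT fetch under _dmarc for its domain and every returned record is scanned for the policy. The `v=DNP1` record, its `addr-in-display` tag, the domains and the lookup table are all hypothetical and constructed for illustration.

```python
import re
from email.utils import parseaddr

# Constructed TXT RRsets standing in for one DNS fetch of _dmarc.<domain>.
# "v=DNP1" and its "addr-in-display" tag are hypothetical, not part of DMARC.
TXT_RRSETS = {
    "_dmarc.bank.example": ["v=DMARC1; p=reject", "v=DNP1; addr-in-display=never"],
    "_dmarc.list.example": ["v=DMARC1; p=none"],
}

# Finds address-like strings and captures the domain part.
ADDR_RE = re.compile(r"[A-Za-z0-9._%+-]+@([A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+)")


def parse_tags(record):
    """Split a 'tag=value; tag=value' TXT record into a lowercase dict."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip().lower()
    return tags


def forbids_display_use(domain, fetch=TXT_RRSETS.get):
    """True if any TXT RR under _dmarc.<domain> carries the hypothetical policy."""
    for record in fetch("_dmarc." + domain.lower()) or []:
        tags = parse_tags(record)
        if tags.get("v") == "dnp1" and tags.get("addr-in-display") == "never":
            return True
    return False


def check_from(header_value):
    """Return (verdict, domain) for a From: value with a quoted display name."""
    display, _addr = parseaddr(header_value)
    for match in ADDR_RE.finditer(display):
        domain = match.group(1).lower()
        # The lookup is keyed on the domain claimed in the display name,
        # not on the domain of the real addr-spec.
        if forbids_display_use(domain):
            return ("violation", domain)
    return ("ok", None)
```
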