[display-names] Initial Thoughts on Display Name Defenses
Dave Crocker
dhc at dcrocker.net
Wed Mar 27 12:17:51 PDT 2013
On 3/27/2013 11:18 AM, Michael Adkins wrote:
> I would rather work on a broader solution than just addresses in the
> display name.
>
> Monica suggested something a while back that I think has potential.
> Basically, don't show the display name unless the From: address is in the
> user's address book. Prior to DMARC, this wouldn't have been as valuable,
> but now that we can prevent phishers from using the exact addresses that
> we legitimately use this becomes a pretty good option to explore.
There are several lines of concern and protection that might be considered.
The address book heuristic sounds promising, but will cause problems for
messages from known-but-compromised accounts, for example. This just
makes "compromised friends" an even more attractive attack vector.
Another hack that occurs to me is to define a dmarc-ish enhancement that
says "our address will never show up in the display name". When an
email address is in the display name, do a dmarc-ish lookup on it and
check for this policy...
d/
--
Dave Crocker
Brandenburg InternetWorking
bbiw.net
More information about the display-names
mailing list