Re: [dmarc-ietf] cousin domain definition (was Re: Fwd: Eliot's review of the DMARC spec)
Matt Simerson <matt@tnpi.net> Mon, 08 July 2013 02:27 UTC
Return-Path: <matt@tnpi.net>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E385921F9F04 for <dmarc@ietfa.amsl.com>; Sun, 7 Jul 2013 19:27:27 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.599
X-Spam-Level:
X-Spam-Status: No, score=-3.599 tagged_above=-999 required=5 tests=[AWL=0.000, BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id IdbKsxx3stRp for <dmarc@ietfa.amsl.com>; Sun, 7 Jul 2013 19:27:24 -0700 (PDT)
Received: from mail.theartfarm.com (mail.theartfarm.com [208.75.177.101]) by ietfa.amsl.com (Postfix) with ESMTP id D79B521F9D3E for <dmarc@ietf.org>; Sun, 7 Jul 2013 19:27:23 -0700 (PDT)
Received: (qmail 73458 invoked by uid 1026); 8 Jul 2013 02:27:23 -0000
Received: from c-76-121-98-64.hsd1.wa.comcast.net (HELO [10.0.1.32]) (76.121.98.64) by mail.theartfarm.com (qpsmtpd/0.93) with (AES128-SHA encrypted) ESMTPSA; Sun, 07 Jul 2013 22:27:23 -0400
Authentication-Results: mail.theartfarm.com; auth=pass (plain) smtp.auth=matt@theartfarm.com; iprev=pass
X-Virus-Checked: by ClamAV 0.97.8 on mail.theartfarm.com
X-Virus-Found: No
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed; d=tnpi.net; h=content-type:mime-version:subject:from:in-reply-to:date:cc:content-transfer-encoding:message-id:references:to; s=mar2013; bh=zU6/BtH7XONnZP2I6U0PSeZXxUPkkoT7QEHEArUh5WE=; b=GyyDZigF/RBeZolKDkOUFGotZ+tjZWydjP6SKWERyJX8vFIzmZOB2iMIXkAgU5kNxvOxDlJUOLzyUvvUwKPXBeQ1O/9PTCeQbtiTUleF3qqyiOiL4a4SCcVo6OAuDbs0XhCVfhbLfdyof5S0ANOq6ka2IcDWdb4PSP3BO5lIlJzg2UjU+6102/7VGhEAdx5a1nrSrDH6J+BAMuqCa8MF4qDorcOu19y+Ya22hzuIVfPv5UrkBQgV1cyhl41Zk+GhHxREAFfSndMFAjf5qf8QbN/uV/FkBVAcAG8ZPSSq2nSDlSC2vmmcFOhAKSlFqdZUStWSZ8kKEO33WnzrX9Q84A==
X-HELO: [10.0.1.32]
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (Mac OS X Mail 6.5 \(1508\))
From: Matt Simerson <matt@tnpi.net>
In-Reply-To: <D9CB0D71-453D-48BC-8049-0A89B6CC6394@tnpi.net>
Date: Sun, 07 Jul 2013 19:27:23 -0700
Content-Transfer-Encoding: quoted-printable
Message-Id: <11ACB6D3-2A24-4813-AEF8-5DF52208FB3C@tnpi.net>
References: <519B47DC.20008@cisco.com> <CAL0qLwYZOp1FNVSAmzXYkZG_O3Yv+EQrAKKLpRiE5svcOMamTA@mail.gmail.com> <6.2.5.6.2.20130523002139.0da7ac58@resistor.net> <CAL0qLwYT6BS=HGLX1-u80aqaJWefipT5tcg5Ut_549y4rOej9g@mail.gmail.com> <51D858EB.3030202@gmail.com> <CAL0qLwZAVH=bK=jZKuk4ZkcELSXQ0SB5_WoHKETTZwo5f43Qtw@mail.gmail.com> <CAL0qLwb-m7BEBQ7snR4zQqMWu0H17P-+aOaxb=4t8pY58dXGRw@mail.gmail.com> <D9CB0D71-453D-48BC-8049-0A89B6CC6394@tnpi.net>
To: "Murray S. Kucherawy" <superuser@gmail.com>
X-Mailer: Apple Mail (2.1508)
Cc: Dave Crocker <dcrocker@gmail.com>, SM <sm@resistor.net>, "dmarc@ietf.org" <dmarc@ietf.org>, Eliot Lear <lear@cisco.com>
Subject: Re: [dmarc-ietf] cousin domain definition (was Re: Fwd: Eliot's review of the DMARC spec)
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dmarc>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 08 Jul 2013 02:27:28 -0000
Oh humbug, the formatting was stripped out. <t hangText="Cousin Domain:"> A registered domain name that is deceptively similar the name of a known entity. The entity name is familiar to users and therefore imparts a degree of trust. The deceptive similarity can trick the user by embedding the essential parts of the entity name in a new string (e.g., "companysecurity.example" to attack "company.example"), or it can use some variant of the entity name, such as replacing 'i' with '1'. This latter form is sometimes known as a "homograph attack". </t> On Jul 7, 2013, at 7:25 PM, Matt Simerson <matt@tnpi.net> wrote: > On Jul 7, 2013, at 12:25 AM, "Murray S. Kucherawy" <superuser@gmail.com> wrote: > >> How's this, if you'll pardon the XML? >> >> > > I simplified the description by removing the 'target' abstraction. There are legitimate purposes for cousin domains, such as helping poor spellers and heading off typosquatting. > > I don't think the distinction of end-users is helpful. It implies that some class of users are not susceptible to cousin domain attacks. There's ample evidence that is not the case. > > Matt > > _______________________________________________ > dmarc mailing list > dmarc@ietf.org > https://www.ietf.org/mailman/listinfo/dmarc
- [dmarc-ietf] Fwd: Eliot's review of the DMARC spec Murray S. Kucherawy
- Re: [dmarc-ietf] Fwd: Eliot's review of the DMARC… SM
- Re: [dmarc-ietf] Fwd: Eliot's review of the DMARC… John Levine
- Re: [dmarc-ietf] Eliot's review of the DMARC spec Tim Draegen
- Re: [dmarc-ietf] Fwd: Eliot's review of the DMARC… Matt Simerson
- Re: [dmarc-ietf] Fwd: Eliot's review of the DMARC… John R Levine
- Re: [dmarc-ietf] Eliot's review of the DMARC spec Murray S. Kucherawy
- Re: [dmarc-ietf] Fwd: Eliot's review of the DMARC… Murray S. Kucherawy
- Re: [dmarc-ietf] Eliot's review of the DMARC spec Eliot Lear
- Re: [dmarc-ietf] Eliot's review of the DMARC spec John Levine
- Re: [dmarc-ietf] Eliot's review of the DMARC spec Murray S. Kucherawy
- [dmarc-ietf] Review of draft-kucherawy-dmarc-base… SM
- Re: [dmarc-ietf] Eliot's review of the DMARC spec John R Levine
- Re: [dmarc-ietf] Review of draft-kucherawy-dmarc-… Franck Martin
- [dmarc-ietf] cousin domain definition (was Re: Fw… Dave Crocker
- Re: [dmarc-ietf] Review of draft-kucherawy-dmarc-… SM
- Re: [dmarc-ietf] cousin domain definition (was Re… Matt Simerson
- Re: [dmarc-ietf] cousin domain definition (was Re… Dave Crocker
- Re: [dmarc-ietf] cousin domain definition (was Re… Elizabeth Zwicky
- Re: [dmarc-ietf] cousin domain definition (was Re… Matt Simerson
- Re: [dmarc-ietf] Review of draft-kucherawy-dmarc-… Franck Martin
- Re: [dmarc-ietf] cousin domain definition (was Re… Franck Martin
- Re: [dmarc-ietf] cousin domain definition (was Re… Dave Crocker
- Re: [dmarc-ietf] cousin domain definition (was Re… John Levine
- Re: [dmarc-ietf] cousin domain definition (was Re… Murray S. Kucherawy
- Re: [dmarc-ietf] Review of draft-kucherawy-dmarc-… SM
- Re: [dmarc-ietf] Review of draft-kucherawy-dmarc-… Murray S. Kucherawy
- Re: [dmarc-ietf] cousin domain definition (was Re… Murray S. Kucherawy
- Re: [dmarc-ietf] cousin domain definition (was Re… Matt Simerson
- Re: [dmarc-ietf] cousin domain definition (was Re… Matt Simerson
- Re: [dmarc-ietf] cousin domain definition (was Re… Dave Crocker
- Re: [dmarc-ietf] cousin domain definition (was Re… MH Michael Hammer (5304)
- Re: [dmarc-ietf] cousin domain definition (was Re… Steve Jones
- Re: [dmarc-ietf] cousin domain definition (was Re… Barry Leiba
- Re: [dmarc-ietf] cousin domain definition (was Re… Scott Kitterman
- Re: [dmarc-ietf] cousin domain definition (was Re… Steve Jones
- Re: [dmarc-ietf] cousin domain definition (was Re… Matt Simerson