Re: [dmarc-ietf] cousin domain definition (was Re: Fwd: Eliot's review of the DMARC spec)

Scott Kitterman <sklist@kitterman.com> Mon, 08 July 2013 21:16 UTC

On Monday, July 08, 2013 05:12:26 PM Barry Leiba wrote:
> > How's this, if you'll pardon the XML?
> > 
> >  <t hangText="Cousin Domain:"> A registered domain name that
> >      is deceptively similar to a target name, which can be a
> >      domain name or the name of a known entity.  The target
> >      name is familiar to many end-users, and therefore
> >      imparts a degree of trust.  The deceptive similarity can
> >      trick the user by embedding the essential parts of the
> >      target name in a new string (e.g.,
> >      "companysecurity.example" to attack "company.example"),
> >      or it can use some variant of the target name, such as
> >      replacing 'i' with '1'.  This latter form is sometimes
> >      known as a "homograph attack".  </t>
> 
> If it's not too late to change the term "cousin domain" for this, I
> suggest finding another term.  "Cousin" implies a legitimate relation,
> which this isn't.  I would consider, say, "ibm.com" and "lotus.com" to
> be cousin domains.  I might consider "microsoft.com", "hotmail.com",
> and "skype.com" to be cousin domains.  Things that try to look like
> they're related, but *aren't*, are what we're talking about here, and
> I don't think of those as cousins.

Doppelganger domains.

Scott K
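
An added example, not part of the original message or of the DMARC draft: a defender-side check that labels observed sender domains against a protected domain using the two forms in the quoted definition (embedding the target name, or a look-alike variant of it). The confusables table, the function names and the sample domains are constructed for illustration, and the registrable label is assumed to be the one left of a single-label TLD; real use needs the Public Suffix List.

```python
# Small constructed sample of look-alike substitutions; not a complete list.
# Each entry folds a character (or pair) into one canonical form.
CONFUSABLES = {"rn": "m", "vv": "w", "0": "o", "1": "l", "i": "l", "5": "s"}

def skeleton(name):
    """Fold look-alike characters so visually similar names compare equal."""
    name = name.lower().rstrip(".")
    for fake, real in CONFUSABLES.items():
        name = name.replace(fake, real)
    return name

def registrable_label(domain):
    """Label left of the TLD (assumption: single-label TLD such as .example)."""
    labels = domain.lower().rstrip(".").split(".")
    return labels[-2] if len(labels) >= 2 else labels[0]

def classify(candidate, target):
    """Return 'substitution', 'embedding', or None for a candidate domain."""
    cand = candidate.lower().rstrip(".")
    tgt = target.lower().rstrip(".")
    # The protected domain and its own subdomains are legitimate relations.
    if cand == tgt or cand.endswith("." + tgt):
        return None
    c_label, t_label = registrable_label(cand), registrable_label(tgt)
    t_skel = skeleton(t_label)
    # Look-alike variant: a different label that folds to the same skeleton.
    if c_label != t_label and skeleton(c_label) == t_skel:
        return "substitution"
    # Embedding: the target name appears anywhere in the candidate, including
    # in left-hand labels or as the same label under another TLD.
    if t_skel in skeleton(cand):
        return "embedding"
    return None

def scan(senders, target):
    """Map each suspicious sender domain to the form of similarity found."""
    hits = {}
    for domain in senders:
        verdict = classify(domain, target)
        if verdict:
            hits[domain] = verdict
    return hits

# Constructed sample of sender domains seen in mail logs.
SAMPLE_SENDERS = ["mail.company.example", "companysecurity.example",
                  "c0mpany.example", "cornpany.example",
                  "company.example.login.test", "unrelated.example"]

if __name__ == "__main__":
    for domain, verdict in scan(SAMPLE_SENDERS, "company.example").items():
        print(f"{domain}: {verdict}")
```

Short target names will match by accident under the embedding rule, so hits are candidates for review rather than verdicts.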