Domain Keys “Adopted” by Phishers

Domain Keys is another flavour of e-mail sender authentication, along with SPF and Microsoft Sender I.D., designed to help ensure that e-mail that claims to be from Sender X is, in fact, from Sender X. Developed last year by Yahoo!, and deployed last month, its primary purpose in life is to help prevent the forging of the return address in e-mail. (The same holds true for SPF and Sender I.D.; in all three cases they are anti-forgery schemes. Now that you know that, whenever you hear someone bemoan that SPF or Sender I.D. or Domain Keys don’t stop spam, you can look smugly down your nose at them and inform them that they never were about stopping spam – they are about stopping forgery).

However, surprise surprise, it turns out that phishers have started adopting Yahoo!’s Domain Keys technology and using it in their phishy e-mail.

Why this is a surprise to anyone is beyond Aunty. It is not only exactly what happens with any e-mail technology designed to help ensure the delivery of e-mail, but it is exactly what you would expect to happen.

The question is not whether scammers, spammers, and other nefarious Internet baddies adopt the technology. The question is whether they can adopt it successfully.

By way of example… [Continued]