[Standards-JIG] proto-JEP: Best Practices to Prevent Phishing Attacks on the Jabber/XMPP Network
ian.paterson at clientside.co.uk
Wed Nov 16 08:30:51 UTC 2005
> > I wondered if the title could be Preventing JID and
> > Name Spoofing?
> Yes, I've gone back and forth on the title. My research
> indicates that the term "spoofing" covers both address
> forging (which is very hard in Jabber systems) and
> mimicking (which is relatively easy), so I'd prefer
> something like "Best Practices to Prevent Mimicked JIDs"
> or somesuch.
> > The example in the introduction is not visible on most
> > systems since Cherokee fonts are usually not installed
> > outside North America. ;-)
> Maybe I should make an image out of it?
Yes (Cherokee is interesting), although an image would make distribution
of the JEP more complicated.
Perhaps you could (also) provide a more realistic example, e.g. the
substitution of one letter with a number. FYI, the domain name auction
sites used to be full of this type of abuse.