eWeek Article misinforms readers on Yahoo Domain Keys

“Scammers Exploit DomainKeys Anti-phishing Weapon.” So screams the headline in a recent eWeek article.
Oh boy. Here we go again. Another uninformed article from a tech writer who couldn’t learn from the response to the uninformed articles about spammers abusing SPF. These articles are really dangerous. They lack any understanding of what SPF and Yahoo! Domain! Keys! are actually intended to accomplish. The articles are read by decision makers and implementers who haven’t taken the time to read up on these new technologies, and who take the articles at face value.
eWeek has an area for comments on its articles. One insightful comment is purportedly by Dave Anderson, CEO of Sendmail. He says “Authentication does not prevent fraud. It does not prevent spam. It does prevent impersonation. None of the proponents has ever suggested otherwise. Once we have email authentication we know who is sending emails and can take many actions to prevent abuse.”
It isn’t a shock to anyone but these tech writers that an open standard, which can be used by anyone, is used by a spammer. Merely having an SPF record or a Domain Key should not grant passage to a message. Instead, it verifies the source of the message.
The article mentions spammers using Domain Keys with a Yahoo account. Great! If every spammer did that, then whenever you saw a Yahoo return address, you would be guaranteed the spam came through the Yahoo system, and you would know whom to complain to.
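The point above, that a pass identifies the sender and a separate reputation decision determines what happens to the message, can be shown as a small receiving-side policy. This is an added example, not code from the original post; it assumes the verifier's results arrive in an `Authentication-Results` header, and the reputation table, function names and `.example` domains are constructed for illustration.

```python
import re

# Constructed reputation data, keyed on the *authenticated* domain (assumption).
REPUTATION = {"bank.example": "good", "bulk-offers.example": "bad"}

# One method result, e.g. "dkim=pass header.d=bank.example" or
# "spf=pass smtp.mailfrom=user@bank.example"; never crosses a ';' separator.
_RESULT = re.compile(
    r"\b(spf|dkim|domainkeys)=(\w+)[^;]*?"
    r"\b(?:smtp\.mailfrom|header\.d|header\.from|header\.sender)=([^\s;]+)",
    re.IGNORECASE,
)

def authenticated_domains(auth_results):
    """Return the set of domains whose SPF/DKIM/DomainKeys check passed."""
    domains = set()
    for _method, result, ident in _RESULT.findall(auth_results):
        if result.lower() == "pass":
            # Reduce an address such as user@domain to its domain part.
            domains.add(ident.rsplit("@", 1)[-1].lower())
    return domains

def disposition(auth_results):
    """Return (action, responsible_domain) for one message.

    A pass never means "accept" by itself. It only tells us which domain
    is accountable; the reputation of that domain drives the action.
    """
    domains = sorted(authenticated_domains(auth_results))
    if not domains:
        return ("filter", None)        # no verified identity, no credit
    for domain in domains:
        if REPUTATION.get(domain) == "bad":
            return ("reject", domain)  # authenticated spammer: known culprit
    if all(REPUTATION.get(d) == "good" for d in domains):
        return ("accept", domains[0])
    return ("filter", domains[0])      # verified but unknown: keep filtering

if __name__ == "__main__":
    # Constructed header values.
    samples = [
        "mx.example.net; spf=pass smtp.mailfrom=promo@bulk-offers.example; "
        "dkim=pass header.d=bulk-offers.example",
        "mx.example.net; dkim=pass header.d=bank.example",
        "mx.example.net; domainkeys=pass header.from=a@new-sender.example",
        "mx.example.net; spf=fail smtp.mailfrom=a@bank.example",
    ]
    for header in samples:
        print(disposition(header), "<-", header)
```

The first sample is the case the eWeek article describes: the message authenticates correctly and is still rejected, and the returned domain is the party to send the abuse complaint to.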
The closing paragraph of the article is the most interesting, and most likely the most factually incorrect, part of the article. “They [phishers] then send out normal phishing messages that take the recipient to an attacker-controlled page located on the bank’s server. These attacks are insidious because the victim is visiting a legitimate site, security experts warn.” According to this, the phisher has already hacked the bank’s server. If this is the case, game over. Phishing is unnecessary; they are inside the bank’s server. Most likely the author was trying to say the phishing site often uses images from the legitimate server to maintain the same look and feel.
The thing that galls me most about this horrible article is that I learned about it through a SANS newsletter. They passed the URL on and quoted the article without comment. It’s as if they were endorsing this article.