dkim-ops

Re: [dkim-ops] Q: "dkim=discardable"

2008-10-30 13:53:39


-----Original Message-----
From: John R Levine [mailto:johnl(_at_)taugh(_dot_)com]
Sent: Thursday, October 30, 2008 1:35 PM
To: MH Michael Hammer (5304)
Cc: dkim-ops(_at_)mipassoc(_dot_)org
Subject: RE: [dkim-ops] Q: "dkim=discardable"

Really, it says feel free to throw our mail away if you have the least
doubt about it.

Is that really what it says? Or is that your personal qualitative
interpretation of something which is not as whimsical as you are
presenting it.

I wrote the language in the ADSP draft, and that is what I meant when I
wrote it.


Then you should have written what you meant rather than what you wrote
which doesn't match what you now say is the intent. Sometimes semantics
are important.

What that ADSP discardable record published by a sender is saying is
that all email for this domain is signed and if a signature is missing
or fails to validate it is safer (from the receiver's perspective) to
discard the email than for it to be delivered to the recipient with the
consequential potential for phishing, trojans, identity theft, etc.

Right.  You're better off throwing the message away.  It's not worth
reading.  See?  We agree.


I didn't say it isn't worth reading. In fact, I specifically couched it
in terms that address risk. It may be that the discarded email is very
important. It may be that the discarded email is a phish/malware Trojan
that is worth nothing to the potential recipient and represents a very
significant risk. Tomorrow there should be a press release from one of
the security companies about hundreds of thousands of compromised bank
accounts and a particular Trojan gang. That's what ADSP is really about.

This is like anything else. If people do things they don't understand in
ways that cause bad outcomes, they will either adjust what they are
doing or incur the consequences. For example, if a person publishes a
DKIM record along with ADSP and the public key expires did they really
intend to have mail discarded? Probably not.

Right.  That's why I expect to keep a short private list of domains whose
mail actually is all signed and is heavily enough phished that it's better
to discard the unsigned ones, most likely including ag.com, and ignore
ADSP.


So if you don't believe that ADSP is of any value, why would you put
your name to it? BTW, the ag.com does not DKIM sign (yet). You would be
much better off looking at our major greeting card site domains. 

And that is why DKIM and ADSP are important and useful. Without a public
mechanism for a (heavily phished) domain to assert signing practices it
becomes extremely difficult for receivers to figure out which domains to
include in that short list as you assert is a more useful practice. If a
domain is willing to make an assertion then it is implied that they have
an obligation to take responsibility for what they assert. On the flip
side, if a domain makes a strong assertion and you as a receiver ignore
that assertion and pass (validation) failure mail to the enduser it
becomes your responsibility for the consequences of your decision.

If I as a sender choose to publish "discardable" and you pass a
phishing email that Trojans one of your endusers, when they contact me
with a complaint I'm going to tell them to speak with you if you ignore
my DKIM/ADSP assertions and my SPF (-all) assertions. This of course is
based on abuse of my domains in the From (email address)/Mail From and
not "cousin domain" type abuse.

Mike

_______________________________________________
dkim-ops mailing list
dkim-ops(_at_)mipassoc(_dot_)org
http://mipassoc.org/mailman/listinfo/dkim-ops
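
The receiver-side decision this thread argues about, as an added example that is not part of the original message or of any poster's code. It assumes the `dkim=unknown|all|discardable` record syntax ADSP was later published with (RFC 5617) and Authentication-Results style verifier results; the function names, the `honor_only` short-list parameter, the "flag" outcome for `dkim=all` and the `cards.example` domain are constructed for illustration.

```python
# Added example: receiver-side handling of an ADSP record. Names and samples are constructed.
PRACTICES = ("unknown", "all", "discardable")

def parse_adsp(txt):
    """Return the dkim= practice from an ADSP TXT record; anything else is 'unknown'."""
    for part in (txt or "").split(";"):
        name, sep, value = part.partition("=")
        if sep and name.strip() == "dkim":
            value = value.strip().lower()
            return value if value in PRACTICES else "unknown"
    return "unknown"

def adsp_action(author_domain, adsp_txt, dkim_results, honor_only=None):
    """Decide what to do with one message.

    dkim_results: (d= domain, verifier result) pairs, e.g. ("example.com", "pass").
    honor_only:   optional private set of domains; when given, 'discardable' is
                  acted on only for those domains (the short-list approach).
    """
    author = author_domain.lower()
    own = [r for d, r in dkim_results if d.lower() == author]
    if "pass" in own:
        return "deliver"            # valid author-domain signature
    if "temperror" in own:
        return "defer"              # transient key lookup problem: retry, do not discard
    practice = parse_adsp(adsp_txt)
    if honor_only is not None and author not in honor_only:
        practice = "unknown"        # receiver ignores published ADSP for this domain
    if practice == "discardable":
        return "discard"            # missing or failing signature, sender asked for discard
    if practice == "all":
        return "flag"               # assumption: local policy marks it suspicious
    return "deliver"                # ADSP imposes nothing; other filters still apply

if __name__ == "__main__":
    rec = "dkim=discardable"        # constructed record for the constructed domain below
    cases = {
        "signed": [("cards.example", "pass")],
        "unsigned": [],
        "third-party signature only": [("list.example", "pass")],
        "key removed from DNS": [("cards.example", "permerror")],
        "DNS timeout": [("cards.example", "temperror")],
    }
    for label, results in cases.items():
        print(f"{label:28} -> {adsp_action('cards.example', rec, results)}")
```

The "key removed from DNS" case is the operational risk raised in the message: a sender that publishes "discardable" and then lets its key lapse gets its own legitimate mail discarded.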
