
Re: [Asrg] 6. Proposals - DNS + PKI - Yahoo's "Domain Keys"

2003-12-10 02:59:41
What it seems to me now, is that this proposal is not meant to be by 
itself, it rather addresses only certain points and tricks that spammers 
use. But cutting away the ability to joe-job a site unless you want to 
send all of your messages as identical, would definitely help somewhat.

But it doesn't even do that - a "replay" does not have to involve just
a single message, but rather a large number of similar messages.

Consider this scenario:

   A spammer gets an account at yahoo.com and sends (to some throwaway.com
   address) a few thousand almost identical messages, each of which gets
   properly signed by Yahoo.

   Then throwaway.com starts spamming those messages, with Yahoo's
   signature, and the headers faked to make it look like the message
   comes from Yahoo ... sure, the IP number does not belong to Yahoo,
   but unless you have something like LMAP you are out of luck in that
   respect.

   Of course the spammer takes certain precautions, such as not sending 
   the same variant of the message twice to the same domain - thus 
   trying to reduce the chance of anyone noticing two *identical* 
   messages.

Or am I missing something?

-- 
Fridrik Skulason   Frisk Software International   phone: +354-540-7400
Author of F-PROT   E-mail: frisk(_at_)f-prot(_dot_)com       fax:   +354-540-7401
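The scenario in the post above, worked through as an added example (not part of the original message, and not Yahoo's DomainKeys code). It shows the two properties the post turns on: a DomainKeys-style signature commits only to selected headers and the body, so a re-sent copy with a different envelope, source host and Received: line still verifies, while any edit to the signed content does not; and a receiver can only notice a replay by counting how often the same valid signature arrives. Assumptions: HMAC with a shared key stands in for the RSA-over-DNS signature so the block runs on the standard library alone, the canonicalization is a simplified one rather than the DomainKeys algorithm, `ReplayMonitor` is a hypothetical receiver-side helper, and the headers, key and IP address are constructed.

```python
import base64
import hashlib
import hmac
from collections import Counter

# Header fields the signer commits to. Everything else in the message,
# including Received: lines and the SMTP envelope, is outside the signature.
SIGNED_HEADERS = ("from", "to", "subject", "date")

# Constructed signing key for the "yahoo.com" role in the scenario. Real
# DomainKeys fetches an RSA public key from DNS; HMAC with a shared key
# stands in for that here so the example needs only the stdlib.
SIGNING_KEY = b"constructed-demo-key-for-yahoo.com"


def canonicalize(headers: dict, body: str) -> bytes:
    """Build the signed text: selected headers (lowercased names, trimmed
    values) followed by a blank line and the body. Simplified
    canonicalization, not the exact DomainKeys algorithm."""
    lowered = {k.lower(): v for k, v in headers.items()}
    lines = [f"{name}:{lowered.get(name, '').strip()}" for name in SIGNED_HEADERS]
    return ("\r\n".join(lines) + "\r\n\r\n" + body.strip() + "\r\n").encode("utf-8")


def sign(headers: dict, body: str, key: bytes = SIGNING_KEY) -> str:
    """Signer side (the submission server): MAC over the canonical text."""
    digest = hmac.new(key, canonicalize(headers, body), hashlib.sha256).digest()
    return base64.b64encode(digest).decode("ascii")


def verify(headers: dict, body: str, signature: str, key: bytes = SIGNING_KEY) -> bool:
    """Receiver side: recompute over the signed fields only and compare."""
    return hmac.compare_digest(sign(headers, body, key), signature)


class ReplayMonitor:
    """Hypothetical receiver-side counter of (signing domain, signature)
    pairs. A valid signature that keeps arriving is the replay the post
    describes; the verifier alone cannot tell the copies apart."""

    def __init__(self, threshold: int = 2):
        self.threshold = threshold
        self.seen = Counter()

    def observe(self, signing_domain: str, signature: str) -> bool:
        """Return True once the same signed message has been seen more than
        `threshold` times at this receiver."""
        self.seen[(signing_domain, signature)] += 1
        return self.seen[(signing_domain, signature)] > self.threshold


def replay_scenario() -> dict:
    """Walk the post's scenario on a constructed message and return what a
    verifying receiver observes at each step."""
    headers = {  # constructed
        "From": "account@yahoo.com",
        "To": "drop@throwaway.com",
        "Subject": "hello",
        "Date": "Wed, 10 Dec 2003 02:59:41 +0000",
    }
    body = "constructed message body"
    signature = sign(headers, body)  # signed once by the originating domain

    # The same message re-sent from another host: the envelope and trace
    # headers change, but nothing the signature covers does.
    replayed = dict(headers)
    replayed["Received"] = "from mx.throwaway.com (203.0.113.5) ..."  # constructed
    replayed["Return-Path"] = "<bounce@throwaway.com>"

    tampered_body = body + " plus an edit"  # touches signed content

    monitor = ReplayMonitor(threshold=2)
    flagged = [monitor.observe("yahoo.com", signature) for _ in range(3)]

    return {
        "original_verifies": verify(headers, body, signature),
        "replay_verifies": verify(replayed, body, signature),
        "tampered_verifies": verify(headers, tampered_body, signature),
        "flagged_on_copy": flagged.index(True) + 1,  # 1-based copy number
    }


if __name__ == "__main__":
    for key, value in replay_scenario().items():
        print(f"{key}: {value}")
```

The replay verifies and the tampered copy does not, which is exactly why the signature alone neither proves the sending host nor bounds how many times the message is delivered; the counter is the only thing in the block that notices the third copy, and as the post notes, a sender who signs many near-identical variants and spreads them across domains gives each receiver only one copy of each signature to count.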
