Apropos Yahoo's DK I-D wannabe-
http://antispam.yahoo.com/domainkeys/draft-delany-domainkeys-base-00.txt
posted to this thread:
It fails to meet IETF requirements for publication as an I-D, or for
serious consideration by this group.
This text is not allowed:
"This document may not be modified, and derivative works of it may not
be created. This document may only be posted in an Internet-Draft."
I discussed DK with John Levine privately. My conclusions as a result
of the conversation*:
DK requires orders of magnitude more
work to adopt, though not as much as SPF+SRS.
DK is about as reliant on blacklists/reputation services as other
proposals. Without them, CSV is not easier for a spammer to circumvent
than DK or SPF. They all require that something be put in a DNS entry
for a domain that costs approximately nothing to put there beyond the
cost of the domain itself. DKs aren't signed by CAs, remember.
Exploit: A spammer would have control of the DNS server for the
responsible domain, and a BotNet spamming node would spam with a valid
DK. The DK would be in the zombie worm that created the BotNet, or even
communicated via IRC.
So, I think DK is shown to be about as trivial to circumvent as the 40%
solution / CSV+++.
As has been said before, all the extant I-Ds, including this one, and
C-ID can only work against spammers long term in conjunction with
either
A) RHSBLs or
B) mandatory (but not necessarily monopoly/oligopoly) reputation services.
*(Don't want to quote from private email without asking for an OK, so
here's just what I said that stood.)
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg