ietf-asrg

Re: [Asrg] The state of the email system

2008-11-17 16:41:23


David Wall wrote:


>> DKIM is not intended to reduce spam.
>
> And yet so many have written articles to the contrary, including Wikipedia. (search DKIM spam)
>
> Since DKIM is intended to identify the sender,

Discussion about DKIM has been resistant to any effort at careful and contingent language.

DKIM won't reduce spam, per se. It also won't reduce phishing, per se. Both of these are forms of attack and DKIM does nothing to reduce the attacks.

What DKIM will help to do is to separate out some legitimate traffic from the noise (attacks) in the current traffic stream.

Further, to say that DKIM identifies the sender is a convenient and mostly-correct short-hand that turns out to be limiting, at best, and potentially misleading.

The language we've settled on for the Overview that has been approved by the working group:

   <http://dkim.org/specs/draft-ietf-dkim-overview-10.html>

begins with:

   "DKIM allows an organization to take responsibility for
   transmitting a message, in a way that can be validated by
   a recipient."

There is no requirement that that organization pertain to the author or the original poster of the message, or even be one of the operators in the transit path. (That is, the label "sender" is highly ambiguous.) It can, for example, be a third party that one of the handlers requests to sign the message.

DKIM is about trust. It enables the development of trust assessment for a message. This does not have anything to do with MIS-trust assessment. Identifying spam and phishing is about assessing mistrust.

Given the rest of the necessary trust assessment machinery, DKIM will allow you to trust some aspects of a message.

The fact that you can trust one message does not mean you should trust or mistrust another.

A phishing message won't be participating in this trust exercise. DKIM will have no impact on whether a recipient continues to succumb to a phishing message.

d/
--

  Dave Crocker
  Brandenburg InternetWorking
  bbiw.net
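
The distinction drawn in the message above, shown as an added example that is not part of the original post: the DKIM signing domain (the `d=` tag) is read separately from the author's domain, and a signature only ever yields "trusted" or "no information", never "mistrusted". The sample message, the `trusted_signers` list, and the `signature_valid` flag (assumed to come from a real DKIM verifier; no cryptography is done here) are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample; the signature values are placeholders, not a real signature.
SAMPLE = """\
DKIM-Signature: v=1; a=rsa-sha256; d=esp.example; s=sel1;
 h=from:to:subject; bh=CONSTRUCTED; b=CONSTRUCTED
From: Alice <alice@author.example>
To: bob@recipient.example
Subject: hello

body
"""

def parse_tags(header_value):
    """Split a DKIM-Signature header value into its tag=value pairs."""
    tags = {}
    for part in header_value.split(";"):
        if "=" in part:
            name, value = part.split("=", 1)
            # Folding whitespace inside tags is not significant here.
            tags["".join(name.split())] = "".join(value.split())
    return tags

def assess(raw, signature_valid, trusted_signers):
    """Return (signing_domain, relation_to_author, assessment).

    signature_valid: result from an external DKIM verifier (assumption).
    trusted_signers: hypothetical local list of domains with good reputation.
    """
    msg = message_from_string(raw)
    author_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    sig = msg.get("DKIM-Signature")
    if sig is None or not signature_valid:
        # Unsigned and failed-signature mail are handled alike:
        # there is no basis for trust, and none for mistrust either.
        return (None, "none", "no-information")
    d = parse_tags(sig).get("d", "").lower()
    # The responsible organization need not be the author's domain.
    relation = "author-domain" if d == author_domain else "third-party"
    # A verified signer outside the reputation list earns nothing, good or bad.
    verdict = "trusted" if d in trusted_signers else "no-information"
    return (d, relation, verdict)
```
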