David Wall wrote:
> DKIM is not intended to reduce spam.
> And yet so many have written articles to the contrary, including
> Wikipedia. (search DKIM spam)
>
> Since DKIM is intended to identify the sender,

Discussion about DKIM has been resistant to any effort at careful and contingent
language.

DKIM won't reduce spam, per se. It also won't reduce phishing, per se. Both of
these are forms of attack and DKIM does nothing to reduce the attacks.

What DKIM will help to do is to separate out some legitimate traffic from the
noise (attacks) in the current traffic stream.

Further, to say that DKIM identifies the sender is a convenient and
mostly-correct short-hand that turns out to be limiting, at best, and
potentially misleading.

The language we've settled on for the Overview that has been approved by the
working group:

<http://dkim.org/specs/draft-ietf-dkim-overview-10.html>

begins with:

"DKIM allows an organization to take responsibility for
transmitting a message, in a way that can be validated by
a recipient."

There is no requirement that that organization pertain to the author or the
original poster of the message, or even be one of the operators in the transit
path. (That is, the label "sender" is highly ambiguous.) It can, for example,
be a third party that one of the handlers requests to sign the message.

DKIM is about trust. It enables the development of trust assessment for a
message. This does not have anything to do with MIS-trust assessment.
Identifying spam and phishing is about assessing mistrust.

Given the rest of the necessary trust assessment machinery, DKIM will allow you
to trust some aspects of a message.

The fact that you can trust one message does not mean you should trust or
mistrust another.

A phishing message won't be participating in this trust exercise. DKIM will have
no impact on whether a recipient continues to succumb to a phishing message.

d/
--
Dave Crocker
Brandenburg InternetWorking
bbiw.net
_______________________________________________
Asrg mailing list
Asrg(_at_)irtf(_dot_)org
https://www.irtf.org/mailman/listinfo/asrg