ietf-dkim

Re: [ietf-dkim] DKIM Threat Analysis v0.06

2005-08-10 17:12:22
Hi Dave,
At 15:14 10-08-2005, Dave Crocker wrote:
> For any email, the recipient might view the author or sender as a good or bad
> actor. That is, they might want to receive the message or they might want not to
> receive it, according to criteria specific to that recipient.  Nonetheless,
> there are classes of mail that are commonly assessed to be unacceptable.  The
> two major examples -- and they overlap -- are:
>
>         a.    Spam -- unsolicited bulk email (UBE), and
>
>         b.    Forgery --  messages that state false authorship (Joe Job) that
> might be known to the recipient, and might attempt to trick the recipient into
> disclosing private information (Phishing).

Isn't a "Joe Job" a message that states false authorship in order to damage the reputation of a domain?

> Hence, problematic mail divides between large quantities of generally undesired
> content, and *any* quantity of fraudulent content.
>
> In the current Internet Mail environment a mail receiver can never be sure
> whether a piece of mail was from the purported author they normally associate
> with the claimed identity. This leads to many avenues of abuse.
>
> In large quantities, undesired messages reduce the utility of email. Hence, the
> primary threat of spam is its volume.  By contrast, even in small quantities,
> phishing messages can be extremely damaging.
>
> Therefore, being able to discern undesired mail can be extremely useful.
> Similarly being able to discern desired mail reduces the impact of the UBE
> undesired mail, since it can define a more "trusted" partition of email traffic.
> In these cases, reliable and accurate identification of an actor claiming
> responsibility for the message permits assessing their acceptability and,
> thereby, the likely acceptability of the message content.

Being able to discern desired mail can be extremely useful. We can define a "trusted" partition of email traffic and reduce the impact of undesired mail such as UBE and phishing mail. Identification of the actor claiming responsibility for the message permits us to assess their acceptability.

Please note that I changed the focus in the above paragraph to "desired" mail instead of "undesired" mail.

Regards,
-sm

_______________________________________________
ietf-dkim mailing list
ietf-dkim(_at_)mipassoc(_dot_)org
http://mipassoc.org/mailman/listinfo/ietf-dkim