Douglas Otis, wrote:
The concern is rather simple. DKIM as it currently stands, only
offers per-user-keys as a possible solution to control replay abuse.
I'm having trouble seeing the threat with replay.. Can someone help
differentiate these two scenarios:
1. Replay
2. Sending mail from that domain from within the organisation (Eg. An
employee sending thousands of emails through Outlook)
Is the replayer and rogue employee the only problem in both cases?
If DKIM is supposed to make domain owners responsible for the email from
that domain, should it not be the domain owner preventing replay/abuse,
not DKIM?
Cheers,
Paul
Get the latest news on SurfControl and our products,
subscribe to our monthly e-newsletter, SurfAdvisory at:
http://www.surfcontrol.com/resources/surfadvisory/surfadvisory_signup.aspx
*********************************************************************
The information in this email is confidential and may be legally
privileged. It is intended solely for the addressee. Access to this
email by anyone else is unauthorized. If you are not the intended
recipient, any disclosure, copying, distribution or any action taken
or omitted to be taken in reliance on it, is prohibited and may be
unlawful. If you believe that you have received this email in error,
please contact the sender.
*********************************************************************
_______________________________________________
ietf-dkim mailing list
ietf-dkim(_at_)mipassoc(_dot_)org
http://mipassoc.org/mailman/listinfo/ietf-dkim