ietf-dkim

Re: [ietf-dkim] on DKIM as an anti-spam measure

2005-08-16 21:02:06
On Wed, 2005-08-17 at 02:35 +0000, John Levine wrote:

> > recipient-specific incentives to read their messages, recipients need
> > to be able to prove that "this message was sent by <sender-address> to
> > <my-address>".
>
> Why?  I care a lot about who the sender is.  If the sender has a good
> reputation, I want his mail.
>
> This smells a whole lot like the replay nonsense that I thought we
> dealt with a few weeks ago.  In theory, I understand that it's
> possible that someone might resend messages to other recipients for
> hostile purposes.  In practice, I see little incentive for someone to
> do so.


You hit the nail on the head with respect to motive.

Reason 1:
Reputation often determines whether a message is accepted.

Reason 2:
When someone wants to send bulk email to thousands of recipients, the
typical provider (used by way of a zombie army perhaps) monitors a
client's outbound message rate and looks for errors in the transactions.
This limits the number of messages sent in this manner while taking
advantage of the provider's somewhat good reputation.

Reason 3:
The strong identification of DKIM allows reputation services to move
away from problematic IP address based reputation services.  Reasons for
this shift could be due to high collateral blocking that often occurs
when listing an IP address which is often shared.  Abusers rarely
complain, but innocent affected parties often do.

Reason 4:
The means to accomplish such a replay assault only requires a number of
messages from a compromised account to permit these messages to then be
sent in unlimited numbers.

Reason 5:
Assume the abuser limits the number of identical replayed messages sent
to each domain.  These messages are only stopped significantly when the
signatures are disseminated to a widely employed central clearinghouse,
or when the signature expires.  These defensive strategies will likely
provide ample time to make this profitable.

Imagine what happens to the clearinghouse should this approach become a
common ploy.  There are very good reasons to move to using the name
space, rather than depending only upon the IP address.  There are very
good reasons to ensure there is a means to defend against this easy
tactic.

-Doug




_______________________________________________
ietf-dkim mailing list
http://dkim.org
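
The two defenses named under Reason 5, a shared clearinghouse and signature expiry, can be sketched from the receiver's side. This is an added example, not code from the post or from any DKIM implementation: it counts distinct recipients per signature and compares what each receiving domain sees alone with what a shared clearinghouse sees. The threshold, domain names and signature value are constructed assumptions; `x=` is the DKIM signature-expiration tag.

```python
import hashlib
from collections import defaultdict

def parse_dkim_tags(value):
    """Split a DKIM-Signature header value into its tag=value pairs."""
    tags = {}
    for part in value.split(";"):
        if "=" in part:
            name, val = part.split("=", 1)      # b= may end in '=' padding
            tags[name.strip()] = "".join(val.split())
    return tags

def signature_key(tags):
    """Stable identifier for one signature: signing domain, selector, b= value."""
    material = "|".join(tags.get(t, "") for t in ("d", "s", "b"))
    return hashlib.sha256(material.encode()).hexdigest()

def is_expired(tags, now):
    """True when the x= expiry (seconds since epoch) is present and has passed."""
    x = tags.get("x")
    return x is not None and x.isdigit() and now > int(x)

class ReplayCounter:
    """Flags a signature once it has reached more distinct recipients than threshold."""
    def __init__(self, threshold):
        self.threshold = threshold
        self.seen = defaultdict(set)

    def observe(self, tags, rcpt):
        key = signature_key(tags)
        self.seen[key].add(rcpt.lower())
        return len(self.seen[key]) > self.threshold

# Constructed sample signature; every value here is made up for the example.
SAMPLE_SIG = ("v=1; a=rsa-sha256; d=provider.example; s=sel1; t=1124200000; "
              "x=1124804800; bh=Y29uc3RydWN0ZWQ=; b=c2FtcGxlLXNpZ25hdHVyZQ==")

def simulate(threshold=5, domains=("a.example", "b.example", "c.example"), per_domain=4):
    """One signed message replayed to a few recipients at each receiving domain."""
    tags = parse_dkim_tags(SAMPLE_SIG)
    clearinghouse = ReplayCounter(threshold)     # shared view across domains
    local_flags, shared_flag = {}, False
    for dom in domains:
        local = ReplayCounter(threshold)         # what this domain sees on its own
        flagged = False
        for i in range(per_domain):
            rcpt = f"user{i}@{dom}"
            flagged = local.observe(tags, rcpt) or flagged
            shared_flag = clearinghouse.observe(tags, rcpt) or shared_flag
        local_flags[dom] = flagged
    return local_flags, shared_flag
```

With the defaults, no single domain crosses the threshold while the shared counter does, which is the situation Reason 5 describes.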
