On Aug 17, 2005, at 10:00 AM, Tony Finch wrote:
> On Tue, 16 Aug 2005, Thomas Roessler wrote:
>> What does "know that a message came from a designated source" mean?
>> One interpretation is that the recipient knows that the sender sent
>> this particular instance of the message to him. To make this
>> happen, one would probably want to sign
>> (message-id, message-hash, envelope sender, envelope recipient)
>> tuples (maybe with RFC2822.from instead of SMTP.mailfrom)
>
> You can't include the envelope recipient address in the signature because
> it is lost when the message passes through a forwarder.

Use of HELO or a captured RCPT TO (list) would be an indication the
message was re-introduced. This could be valuable information to
mitigate anti-replay mechanisms. For mailing lists, ensuring the
HELO may be an easier tactic, and perhaps either approach could be
used. This would be an option that would be employed only for those
domains that experience problems with replay, in my view. Keith
suggested that offering the RCPT TO would instill greater confidence
in the message. When an anti-replay mechanism is hosted by the
sending domain, there may be incentives to implement one of the
mitigation options. The captured RCPT TO is the least expensive for
the recipient, and the most expensive for the sender. This improves
email's scalability.

>> When efforts to capture the RCPT TO prove expensive, this is only expensive
>> for the sender, not the recipient.
>
> Not true if the recipient site has to deal with multiple copies of a
> message where previously it only had to deal with one.

If the RCPT TO list is reduced to those of the receiving domain, then
this overhead could be mitigated. This would involve capturing a
domain specific RCPT TO list. There would need to be a check made
against the RCPT TO received versus the RCPT TO list captured. This
could be simply a hash of the list with all the fun of
canonicalization. : )

>> There were already schemes looking to artificially increase burdens on the
>> email senders as a type of rate limiting.
>
> They don't work, because of zombie armies. They don't work even if you
> assume there are no zombie armies, because if you raise the cost enough
> to discourage spammers then you'll damage legitimate senders.

The point was that adding overhead to the sender is not always terrible.
The point was that adding overhead to the sender is not always terrible.
-Doug
_______________________________________________
ietf-dkim mailing list
http://dkim.org
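
Added example, not part of the original thread or of any DKIM specification: a sketch of the per-domain RCPT TO list hash discussed above, with the receiver comparing the list it saw against the digest the sender captured. The function names, the canonicalization rules (lowercase the domain, keep the local part as sent, sort and de-duplicate) and the use of SHA-256 are assumptions made for illustration; the thread specifies none of them.

```python
import hashlib
from collections import defaultdict


def canonicalize(addr):
    """Canonical form of one RCPT TO address (rules assumed for this example)."""
    addr = addr.strip().strip("<>").strip()
    local, at, domain = addr.rpartition("@")
    if not (local and at and domain):
        raise ValueError(f"not an addr-spec: {addr!r}")
    # Domains are case-insensitive; local parts are left as sent.
    return local + "@" + domain.lower().rstrip(".")


def list_digest(canonical_addrs):
    """Order-independent SHA-256 over a set of canonical addresses."""
    joined = "\n".join(sorted(set(canonical_addrs)))
    return hashlib.sha256(joined.encode("utf-8")).hexdigest()


def sender_digests(rcpt_to):
    """Sender side: one digest per recipient domain, captured at submission."""
    by_domain = defaultdict(list)
    for addr in rcpt_to:
        canon = canonicalize(addr)
        by_domain[canon.rpartition("@")[2]].append(canon)
    return {dom: list_digest(addrs) for dom, addrs in by_domain.items()}


def receiver_check(my_domain, rcpt_seen, captured_digest):
    """Receiver side: does this transaction's RCPT TO list match the captured one?"""
    try:
        seen = [canonicalize(a) for a in rcpt_seen]
    except ValueError:
        return False
    mine = my_domain.lower().rstrip(".")
    if any(a.rpartition("@")[2] != mine for a in seen):
        return False
    return list_digest(seen) == captured_digest


if __name__ == "__main__":
    # Constructed sample envelope, not taken from the thread.
    sent = ["<alice@Example.ORG>", "bob@example.org", "carol@lists.example.net"]
    digests = sender_digests(sent)
    print(receiver_check("example.org", ["bob@EXAMPLE.org", "alice@example.org"],
                         digests["example.org"]))   # same list, different order/case
    print(receiver_check("example.org", ["dave@example.org"],
                         digests["example.org"]))   # re-introduced to another recipient
```

In this sketch a transaction carrying only a subset of the domain's recipients fails the comparison, so each domain's recipients have to arrive in a single transaction for the check to pass.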