I suppose bad actors could also be construed as any person or process which
introduces unauthorized email message content change. I for one will have
to think on this one before answering.
Does anyone else have anything to say on this thread? Please post and help
us out.
--
Arvel
Here's what I think.
1. Who are the bad actors that DKIM is trying to thwart? Put another
way, if DKIM is deployed, what bad actors will have to find a different
way to perform their bad acts.
The bad actors are anyone who would use a domain name in an identity
header of an email message without authorization from the domain owner.
The same will have to discover a new means of doing so.
2. Where are these bad actors in the protocol environment? Where in
the email system do they pop up to perform the acts that DKIM is trying
to prevent. Again, different bad actors may appear at different places.
3. What are the bad acts that DKIM is trying to thwart? The first two
questions are really background for this question.
These are so related it's hard for me to separate. Unauthorized domain
use is a means to several ends. The 'end' will determine where, in the
email delivery chain, the bad actor "pops up". When the goal is to trash
the reputation of a domain owner in the eyes of an email user or ply some
scam part of which requires the unauthorized use of a domain to lend it
credibility, the "pop up" is the MUA of an email user and the effect takes
place in the mind of that user. When the goal is to thwart filtering
agents or attempt to manipulate a receiving domain's incoming email policy
in some way the "pop up" is at the point wherein those processes are
invoked and the effect is in reducing or rendering useless the
effectiveness of those processes.
--
Arvel
_______________________________________________
ietf-dkim mailing list
http://dkim.org
_______________________________________________
ietf-dkim mailing list
http://dkim.org