ietf-dkim
[Top] [All Lists]

Re: [ietf-dkim] DKIM Threat Analysis v0.06

2005-08-20 10:01:15
SM wrote:
At 09:08 18-08-2005, Scott Kitterman wrote:

It isn't entirely clear to me exactly where DKIM wants to live in this chain. Is it a tool for the SMTP server to reject messages from SMTP clients that are doing something unauthorized? Is it a tool for post-acceptance filtering and routing in the MDA? Is it a tool meant to give MUAs information to display to end users?


There has been a lot of discussion about rejection. Up to now, we have "rules" and RBLs to reject "bad" messages. Mail filtering also has a negative impact on mail delivery. DKIM also provides the building block for whitelisting mail. It can also be abused as we have seen in the discussion about replay attacks.

The better capabilities we have to reject messages during the SMTP session, the less filtering will be required. In my opinion, rejection is much better than filtering.

Rejection saves resources for the receiver. Rejection gives the sender near immediate feedback on the fate of the message.

Filtering dooms messages to an uncertain fate.

The more messages we can get rid of by rejection, the more reliable we make the mail system.

Whitelisting is important too, but unless a receiver intends to limit their correspondence to known senders, it is only a small part of the solution

Scott Kitterman
_______________________________________________
ietf-dkim mailing list
http://dkim.org

<Prev in Thread] Current Thread [Next in Thread>