On Tue, 23 Aug 2005, Hallam-Baker, Phillip wrote:
* The cost of running spam filtering systems is very high for the
largest ISPs and for providers of spam filtering services. This cost
could be significantly reduced if there was a better way to identify the
good incoming mail. Signing emails is a much more robust authentication
technique than the simple address based scheme described earlier.
* Phishing spam that impersonates a trusted brand. A large number
of banks are willing to make a significant investment to sign all their
outgoing emails provided that doing so brings an immediate benefit.
So far DKIM has been driven mostly by the first pain point which does
not require any additional infrastructure.
That is the main thrust of my outline. I've made a note to talk about
performance improvements from identifying known-good email, though IMO
it's marginal given that only about 20% of email is good so you get better
improvements from optimizing the other 80%
The second pain point has been touched upon but we are dealling here
with a social engineering attack and DKIM is going to be a component of
a solution rather than a solution in itself
Right, so it's not in scope yet. Signing email won't give banks an
immediate anti-phishing benefit.
The real challenge in deployment is to build to critical mass.
I also cover deployment problems.
Tony.
--
f.a.n.finch <dot(_at_)dotat(_dot_)at> http://dotat.at/
BISCAY: WEST 5 OR 6 BECOMING VARIABLE 3 OR 4. SHOWERS AT FIRST. MODERATE OR
GOOD.
_______________________________________________
ietf-dkim mailing list
http://dkim.org