ietf-dkim

Re: [ietf-dkim] Review of draft-fenton-dkim-threats-01

2005-11-01 15:12:26

On Nov 1, 2005, at 2:19 PM, Eric Rescorla wrote:
> > Really??  If I see a message which is DKIM signed by iecc.com and
> > iecc.com is on my "DKIM white-list" this is pretty useful info right?
> > I can probably get away with relaxing or even skipping heuristic spam
> > filtering on that email with a fair degree of comfort.  How is the
> > utility of that in any way unclear?
>
> The scenario you cite is likely of *some* utility but it's not clear
> how much, or if it exceeds the cost of implementation and design. The answer
> to that question depends on (at minimum) (1) what the false positive
> rate would have been without the whitelisting

Well, I cannot give you a specific value if you are looking for one, but I can tell you that the number of false positives that I see is quite high.

> (2) the degree of
> predictability about whitelist contents (for attackers)

I think that depends on the implementation of the whitelist. For publicly available lists, it is quite easy. For privately created lists, I would think it is harder though not impossible.

> , and (3) the
> level of zombie infection--or more precisely potential zombie
> infection--of the domains which are on the whitelist.

I do not understand this. Are you speaking about zombies authorized to send using the domains on the whitelist?

> It's not clear to
> me that we have good data on any of these questions, let alone an
> analysis that incorporates all of them.

Well, I'm not sure you'll ever see data like this. But I think enough people in the community have looked at their mail systems in enough detail that they believe a domain anti-spoofing mechanism will help reduce a good bit of their troubles.

-andy
_______________________________________________
ietf-dkim mailing list
http://dkim.org