ietf-dkim
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [ietf-dkim] SSP security relies upon the visual domainappearance

2005-11-20 13:49:58
from [Hector Santos] [Permanent Link] 
----- Original Message -----
From: "Douglas Otis" <dotis(_at_)mail-abuse(_dot_)org>
To: "Hector Santos" <hsantos(_at_)santronics(_dot_)com>



You might have brow beating down Scott, but this is totally
false because the MTA can reject it before the MUA.  It doesn't
need a VISUAL presentation or confirmation.


How is a look-alike domain rejected by comparing the From and
signing-domains?


Signature/SSP valid or invalid?

invalid --> reject
valid   --> accept

Pretty much use the SSP Verify Chart for a guideline.

Doug, once again.  It is about technical consistency.  You must have
technical consistency before you make any sense of subsequent heuristic
models, if any, and as you said, reputation, manual or automatic, is usually
the way to deal with such fraudulent email.

You won't be able to STOP *compliant* malicious senders using any logic,
including yours.

Now, with DKIM, the main domain can take action by registering all the
near-domains and declare a NEVER DKIM SSP policy, similar to what
EarthLink.com did with near-domain "eartlink.com" by creating an SPF
EXCLUSIVE always fail policy.

   nslookup -query=txt eartlink.com

   Non-authoritative answer:
   eartlink.com    text =

         "v=spf1 -all"

So you see, EarthLink has taken a proactive stance and made a global
declaration - Do not expect mail from this domain.

Think about it. What makes this a BAD or GOOD domain to the computer
software?  It doesn't know the difference unless there is some "knowledge
bank" of information or domain policy to work with.

Well, high-value domains, actually anyone, can do the same type of proactive
protection for near-domains or any domain they don't wish to be used.   We
have some domains that have nothing to do with email. Some are just web
sites. Some are not even active yet.  Yet, they were already harvested and
are used for email spoofing.  With DKIM or SSP, I can create ALWAYS REJECT
policies.

With your method, you want to remove ALL deterministic method for mail
rejection based on consistency. You want to use a "Take the first strike"
baseball analogy to build a knowledge base of reputation information.  Get a
feel for the pitcher.   The problem?  You don't really know if you are going
to get the same pitch again.

--
Hector Santos, Santronics Software, Inc.
http://www.santronics.com





_______________________________________________
ietf-dkim mailing list
http://dkim.org
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [ietf-dkim] SSP security relies upon the visual domain appearance, Scott Kitterman
Next by Date:  [ietf-dkim] Comments on the Threat Draft - draft-fenton-dkim-threats-01, Jim Schaad
Previous by Thread:  Re: [ietf-dkim] SSP security relies upon the visual domain appearance, Scott Kitterman
Next by Thread:  Re: [ietf-dkim] SSP security relies upon the visual domainappearance, Douglas Otis
Indexes:  [Date] [Thread] [Top] [All Lists]