On Jan 19, 2006, at 9:58 AM, Jim Fenton wrote:
> I believe that signatures from lists (and other third-parties) will
> be more dependent on reputation and accreditation (and local white
> lists and black lists). This is because third-party signatures
> allow messages to be signed by anyone, not just the originator's
> domain, so it's more important to have some information indicating
> that the third party is reliable. Domains that host many reliable
> lists, like ietf.org, imc.org, mipassoc.org, yahoogroups.com, etc.
> as well as those that operate other third-party signing
> applications (evite.com, nytimes.com, ...) will generally be
> whitelisted. But it will be very easy for attackers to apply
> third-party signatures from throwaway domains so domains with little
> reputation will have difficulty getting their third party
> signatures accepted. This isn't a characteristic of DKIM, but is a
> characteristic of how I expect it will be used in a few years.
The bad actors will have absolutely no trouble sending their spam
through a list-server that is generally white-listed. Yahoogroups
have lists where participants are in the millions. Once the bad
actor reclaims their message, perhaps from the archive, they can then
replay these spams world-wide and take advantage of the sterling
reputation of the list. How long will it be before that list's
reputation becomes less than sterling?
A reputation service will have an inordinate effort sending out all
the collected bad signatures attempting to keep ahead of all those
messages sent through list-servers or via compromised systems in
large domains. Senders and recipients need to play a role in
squelching this problem. Senders need to keep track of where they
sent abused messages that are being replayed and block-list those
recipients. Recipients wishing to keep from being block-listed would
then ensure no user ever sees a valid incoming signature, but instead
replaces these signatures with an MDA signature. When done
universally, the sources for replay abuse should be reduced to a
point where efforts to contain the problem are not overwhelmed.
-Doug
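The delivery-time step Doug proposes (record the verified list signature, strip it, and seal the message with the MDA's own signature so a copy pulled from the mailbox no longer carries the list's reputation), as an added Python example that is not from this thread. It assumes the MTA has already verified the incoming DKIM-Signature, uses an HMAC seal as a stand-in for a real DKIM RSA signature, and the message, domain and key values are constructed for the demo.

```python
import email
import hashlib
import hmac
import re
from email import policy

# Constructed sample: a list message whose list signature upstream verification
# already accepted. The bh= and b= values are placeholders, not real hashes.
SAMPLE = b"""DKIM-Signature: v=1; a=rsa-sha256; d=lists.example.org; s=list;
  h=from:to:subject; bh=PLACEHOLDER; b=PLACEHOLDER
From: alice@example.com
To: list@lists.example.org
Subject: hello
Received: from lists.example.org by mda.example.net

body text
"""
MDA_DOMAIN = "mda.example.net"          # hypothetical delivering domain
MDA_KEY = b"constructed-demo-key"       # hypothetical MDA seal key (demo only)
SEALED_HEADERS = ("from", "to", "subject")

def signed_domains(raw):
    """Return the d= domain of every DKIM-Signature header present."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    sigs = msg.get_all("DKIM-Signature") or []
    return [m.group(1) for s in sigs
            for m in [re.search(r"(?:^|;)\s*d=([^;\s]+)", str(s))] if m]

def _seal_input(msg):
    # Sealed material: selected headers plus the decoded body.
    head = "\n".join(f"{h}:{(msg[h] or '').strip()}" for h in SEALED_HEADERS)
    body = msg.get_payload(decode=True) or b""
    return head.encode() + b"\n" + body

def reseal_for_delivery(raw, mda_domain, mda_key):
    """Keep the verification result, drop the third-party signature, add an MDA seal."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    for d in signed_domains(raw):
        msg["Authentication-Results"] = f"{mda_domain}; dkim=pass header.d={d}"
    del msg["DKIM-Signature"]  # removes every occurrence
    tag = hmac.new(mda_key, _seal_input(msg), hashlib.sha256).hexdigest()
    msg["X-MDA-Signature"] = f"d={mda_domain}; h={':'.join(SEALED_HEADERS)}; b={tag}"
    return msg.as_bytes()

def verify_mda_seal(raw, mda_key):
    """True only if the MDA seal is present and matches the sealed headers and body."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    m = re.search(r"b=([0-9a-f]+)", str(msg["X-MDA-Signature"] or ""))
    if not m:
        return False
    expected = hmac.new(mda_key, _seal_input(msg), hashlib.sha256).hexdigest()
    return hmac.compare_digest(m.group(1), expected)
```

A message replayed from the archive of this mailbox carries only the MDA seal, which no other receiver trusts, while the Authentication-Results header preserves what the list signature established at delivery time.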
_______________________________________________
ietf-dkim mailing list
http://dkim.org