On Jan 19, 2006, at 11:35 AM, Eliot Lear wrote:
> Douglas Otis wrote:
>> The bad actors will have absolutely no trouble sending their spam
>> through a list-server that is generally white-listed. Yahoogroups
>> have lists where participants are in the millions. Once the bad
>> actor reclaims their message, perhaps from the archive, they can
>> then replay these spams world-wide and take advantage of the
>> sterling reputation of the list. How long will it be before that
>> list's reputation becomes less than sterling?
>
> I think this is as it should be. If bad actor makes it on the list
> in the first place, then list isn't doing a good enough job of
> validating its members as good actors.

Most lists confirm the email-address by mailing back a link to verify
that the participant indeed receives email at that email-address and
wishes to subscribe to the list, a double opt-in. Will participants
on a list need to have their own certificate? You seem to be
validating Phillip's concept of using trusted certificates rather
than DKIM's self issued public keys.
Bad actors only need to post one message to then replay that message
without limit within the delivery timeframe. This problem will exist
for any large domain, where many compromised systems will do the same
thing. Outbound filtering will not prevent this problem either. If
the reputation of the signature has value, then the sender should be
careful where they send it, and likewise the recipient should be
careful who is allowed to see it. An overlay of the incoming
signature by an MDA signature clearly indicating its role would
ensure the message could never be used in a replay. An overlay
practice does not involve the creation of a difficult establishment
of trust mechanism with anonymous list-participants. DKIM was
attempting to avoid this problem. By limiting possible sources for
replay abuse, bad actors can be identified by where they send the
messages for replay.
Sender beware. If it were to become common practice to overlay or
remove the DKIM signature upon delivery, then the number of sources
that would need to be listed as a replay risk would quickly become
diminishingly few, well within the timeframe where DKIM has acceptance
value. DKIM as a basis for acceptance ensures abusive message replay
will be prevalent without mitigating mechanisms. Chasing after
millions of signatures of replayed messages will overwhelm any
protective services. It may become common practice to selectively sign
or not send messages based upon the destination.
-Doug
_______________________________________________
ietf-dkim mailing list
http://dkim.org
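
An added illustration of the replay concern raised in this message (not code from the thread or from any DKIM implementation): a toy signature that, like DKIM, covers headers and body but not the SMTP envelope recipient, plus a receiver-side tally of how many envelope recipients one signature has verified for. HMAC stands in for DKIM's public-key signature; the key, addresses, hosts and threshold are constructed assumptions.

```python
import hashlib
import hmac
from collections import defaultdict

KEY = b"constructed-demo-key"  # stand-in for the signer's private key (assumption)

def sign(headers, body):
    """Toy DKIM-like signature over From/To/Subject and the body.
    Like DKIM, it never covers the SMTP envelope recipient."""
    data = "".join(f"{h}:{headers[h]}\r\n" for h in ("from", "to", "subject"))
    return hmac.new(KEY, (data + body).encode(), hashlib.sha256).hexdigest()

def verify(msg):
    return hmac.compare_digest(sign(msg["headers"], msg["body"]), msg["sig"])

def replay_candidates(deliveries, threshold=3):
    """Group verified deliveries by signature; report signatures seen for at
    least `threshold` distinct envelope recipients, with the relaying hosts."""
    rcpts, sources = defaultdict(set), defaultdict(set)
    for source_ip, rcpt, msg in deliveries:
        if verify(msg):
            rcpts[msg["sig"]].add(rcpt.lower())
            sources[msg["sig"]].add(source_ip)
    return {sig: sorted(sources[sig])
            for sig, seen in rcpts.items() if len(seen) >= threshold}

# Constructed sample: one list posting, signed once, then delivered repeatedly.
headers = {"from": "poster@list.example", "to": "list@list.example",
           "subject": "constructed sample"}
posting = {"headers": headers, "body": "hello\r\n"}
posting["sig"] = sign(headers, posting["body"])

other = {"headers": dict(headers, subject="another"), "body": "hi\r\n"}
other["sig"] = sign(other["headers"], other["body"])

DELIVERIES = [  # (connecting host, envelope recipient, message), all constructed
    ("192.0.2.10", "alice@rcpt.example", posting),   # genuine list delivery
    ("198.51.100.7", "bob@rcpt.example", posting),   # same signature, other host
    ("198.51.100.8", "carol@rcpt.example", posting),
    ("203.0.113.9", "dave@rcpt.example", posting),
    ("192.0.2.10", "alice@rcpt.example", other),
]

if __name__ == "__main__":
    print(replay_candidates(DELIVERIES))
```

Every copy of the posting verifies regardless of which host relayed it or who the envelope recipient was; only the per-signature tally separates the copies, and the threshold has to allow for ordinary list fan-out.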