ietf-dkim

Re: [ietf-dkim] Concerns about DKIM and mailing lists, etc.

2006-03-16 08:46:09
John L wrote:
>> We are concerned about phishing attacks against Cisco employees via spoofs purporting to come from Cisco itself.


> Oh, OK, then your trusted signer list includes cisco.com.

Not really, unless you consider SSP to be a "trusted signer list".

> (Until a bad guy uses a zombie inside your firewall to send signed cisco.com phishes, but you can pretend to be surprised when that happens.)

This is actually a feature not a bug: we'll at least _know_ that the
phisher is coming from inside.

>> By signing all our mail and having a policy that we sign all our mail,
>> we can be reasonably certain that mail without a valid signature isn't
>> from Cisco and annotate the message accordingly. This works just fine
>> with the exception of mailing lists.


> How many phishes have you ever seen that were sent through mailing lists?

Irrelevant. Spoofs/phishes and mailing list corruption are
indistinguishable to a verifier. And we can be guaranteed that
if you need to merely put a Sender: into a piece of mail to get
past the checking, phishers will most certainly do that. Which
is why we don't allow that.

>> From what I can tell right now, for the "typical" mailing list, it's going to validate.


> Mail from this list won't validate, you know, and I doubt that many others will, but I know I'm not going to make any headway in that direction.

Every piece of mail I've sent this morning has validated. Really.

> In any event, Cisco will have to decide whether the actual cost of forbidding their employees to participate in lists that break signatures outweighs the theoretical benefits of blocking list-borne phishes. If it does, you might consider adding known well-behaved list hosts to your trusted signer list. I suspect you won't have to compile that list on your own, since we all plan to add them to our lists, too.

We have no "trusted signer list". And we're not forbidding anything,
though other companies may and not blink an eye.

                Mike
_______________________________________________
NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
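As an added example (not from this thread or from any DKIM implementation), a toy verifier that applies the policy logic Mike describes: mail From: a domain whose policy says it signs everything is annotated unless that domain's own signature verifies, and Sender: is never consulted, so a footer-adding list and a spoof get the same verdict. The domain names, keys and the HMAC stand-in for DKIM's RSA signatures are constructed assumptions.

```python
import hashlib
import hmac

# Constructed stand-in for the per-domain DKIM keys a verifier fetches from
# DNS. Real DKIM uses RSA key pairs; a shared HMAC key is an assumption here.
DOMAIN_KEYS = {"cisco.com": b"constructed-cisco-key", "lists.example": b"constructed-list-key"}

# Constructed SSP-style policy table: "all" = this domain signs all of its mail,
# so mail From: it without its own valid signature is annotated, whoever else signed.
SIGNING_POLICY = {"cisco.com": "all"}

def _signed_data(msg):
    return (msg["From"] + "\n" + msg["Body"]).encode()  # simplified: From: plus body

def sign(msg, domain):
    """Attach a single simplified signature on behalf of `domain`."""
    tag = hmac.new(DOMAIN_KEYS[domain], _signed_data(msg), hashlib.sha256)
    return dict(msg, **{"DKIM-Signature": f"d={domain}; b={tag.hexdigest()}"})

def verified_signer(msg):
    """Return the d= domain if the signature verifies, else None."""
    if "DKIM-Signature" not in msg:
        return None
    fields = dict(p.strip().split("=", 1) for p in msg["DKIM-Signature"].split(";"))
    key = DOMAIN_KEYS.get(fields.get("d"))
    if key is None:
        return None
    expected = hmac.new(key, _signed_data(msg), hashlib.sha256).hexdigest()
    return fields["d"] if hmac.compare_digest(expected, fields["b"]) else None

def annotate(msg):
    """Verifier verdict for the From: domain. Sender: is deliberately ignored."""
    author = msg["From"].split("@", 1)[1].lower()
    if verified_signer(msg) == author:
        return "pass"
    return "fail" if SIGNING_POLICY.get(author) == "all" else "neutral"

def scenarios():
    """Direct mail, the same mail relayed through a footer-adding list, and a spoof."""
    direct = sign({"From": "mike@cisco.com", "Body": "hello list"}, "cisco.com")
    # The list appends a footer (breaking cisco.com's signature), adds Sender:,
    # and signs as itself; this simplified model keeps only the newest signature.
    via_list = sign(dict(direct, Body=direct["Body"] + "\n-- list footer",
                         Sender="bounces@lists.example"), "lists.example")
    spoof = {"From": "it-support@cisco.com", "Body": "reset your password now",
             "Sender": "bounces@lists.example"}
    return {"direct": annotate(direct), "via_list": annotate(via_list),
            "spoof": annotate(spoof)}
```

The list-relayed message and the spoof both come back "fail": the verifier cannot tell them apart, which is the point Mike makes above.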
