[mailto:ietf-dkim-bounces(_at_)mipassoc(_dot_)org] On Behalf Of Dave Crocker
Steve Atkins wrote:
A lot of the controversy about SSP is based on false
positives - mail
that was signed when sent but is not signed when received.
I know that various people have been looking at the cases
where that
can happen, but I don't recall seeing any quantitative results
presented. If they have been, could someone point me at them?
I wonder whether this issue might be amenable to resolution
without worrying about empirical statistics.
In other words: Perhaps one or all SSP settings require
non-breakage along the path. If there is breakage, the
mechanism is effectively disabled.
In other words: Exactly how bad is it, for a legitimately
signed message to fail the signature check and then be
subjected to the usual vagaries of filter analysis?
Similarly: Exactly how bad is it for an SSP I-Sign-All
domain to have an unsigned message succeed through filters
and get delivered? (I am tossing this into the mix, from the
exchange Delany and I are having, about dictating delivery behavior.)
I think that the sensible mail filtering product providers (i.e. the ones whose
stock grants may end up worth something) would generate their own statistics.
So I would expect to see the filters at large ISP note that if an email
purports to come from Ebay and its not signed and Ebay has an 'I sign
everything' policy then its probability of passing the spam filters is
remarkably low (1-2% ?)and the chance that it will be reported as phishing if
delivered is very high (compatible with 100% spam).
One value of having the policy in place is that Ebay can stop signing or change
its signing profile without being clobbered by filters that have learned to
expect that Ebay signs everything but do not have an explicit statement to that
effect.
In other words all the ills that can flow from having policy that is
misinterpreted can also flow from not having policy and in many ways these
results are worse.
I would certainly hope that the filters themselves have the ability to note
things like '100% of the messages I attempt to verify turn out to be broken,
therefore I conclude that there might be something wrong with incomming email
and will tell my operator to check or possibly request a test message from a
known good source.'
We have a reactive system here. DKIM is intended to change the infrastructure
of email and the attackers are attempting to stop it. So statistics are good at
the level of telling if something is a 1% effect, 5% effect 20%, 80%, 95%, 99%.
But guessing how they will react is just that.
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html