ietf-dkim
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: [ietf-dkim] We are actually disagreeing on the point of policy Was RE: 1368 straw-poll

2007-02-27 10:24:45
from [Hallam-Baker, Phillip] [Permanent Link] 


From: Stephen Farrell 
[mailto:stephen(_dot_)farrell(_at_)cs(_dot_)tcd(_dot_)ie] 



So the *only* time you want to content-filter the message (in 
this example case) is where the message is ostensibly signed 
with some DKIM parameter (like sig-alg,c14n) that the 
receiver doesn't support and where the sender's SSP declares 
that they do, in fact, emit messages with that parameter value.

Is that true?


Almost, the additional constraint here is that you do not do content filtering 
if you have found a valid supported signature.



Can you say how you think this pans out for less-phished 
originating domains?


OK well first there are some other cases where 'all or nothing' can be applied. 
For example as chair of Keyprov I spend time every day looking at spam sent to 
the list. The list does not have any forwarding relationships. Mailing lists 
are not permitted to subscribe to the list. No mail is forwarded to the list. 

Ergo ANY message that is inconsistent with policy can be rejected immediately 
without recourse to either content filtering or moderation. 


For less phished domains I am only going to do content filtering on a message 
if:

1) There is no valid supported signature (in which case I accept)
2) There is reason to belive that it was indeed forwarded (otherwise I reject)

The point about having reason to believe the message is forwarded is that this 
is something I can track. If there are no forwarding headers at all the message 
is bogus and is rejected. Otherwise I am going to take a look at the headers 
and estimate the probability that the message is legitimately forwarded. If the 
message is from a mailing list, is from the same IP address the mailing list 
used in the past, is a mailing list that subscriber has received mail from 
previously that passed the content filtering checks then I probably accept the 
message as is.

In other words my 'content filtering' is constrained by the fact that the 
message I am processing is not consistent with the purported sender's signature 
policy and there are a limited number of ways in which this might occur.

Clearly I need rather more complex rules for a personal mailbox than for 
moderating a mailing list. But these become unnecessary if the mailing list is 
also signed. 

Since I expect mailing lists to be some of the first customers for strict 
policy enforcement in order to lessen the moderation burden it is not at all 
unrealistic to expect mailing lists to sign their outgoing messages as well.

If the keyprov list supported DKIM verification today it would eliminate over 
80% of the spam with zero false positives.

_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [ietf-dkim] We are actually disagreeing on the point of policy Was RE: 1368 straw-poll, Stephen Farrell
Next by Date:  Re: [ietf-dkim] Re: Today's jabber notes..., Michael Thomas
Previous by Thread:  Re: [ietf-dkim] We are actually disagreeing on the point of policy Was RE: 1368 straw-poll, Stephen Farrell
Next by Thread:  [ietf-dkim] Issue 1365: drop "never send mail"?, Eric Allman
Indexes:  [Date] [Thread] [Top] [All Lists]