ietf-dkim

Re: Additional lookups (was Re: [ietf-dkim] Re: 1368 straw-poll)

2007-03-01 19:23:39
Wietse Venema wrote:
Hector Santos:
Wietse Venema wrote:

If the verifier gives different treatments to different types of
"other", then the bad guys will exploit the verifier's behavior.
Applying equal treatment should be done across the board, the valid and invalid, not just for the so-called "elite" messages.

It is with the exceptions and relaxed provisions where exploitation will take place; the FSUSP (FAILED SIGNATURE UNSIGNED STATUS PROMOTION) is one of them.

Perhaps I wasn't clear enough.

When a DKIM verifier gives unequal treatment to any of the following:

- no signature
- broken signature
- unsupported signature
- other failure

Then the bad guys will send their forged mail in the way that receives
the most favorable treatment.
Correct. +1. Bueno.

I think that what people need to keep completely separate is that
forensic categorization is NOT the same as what an automaton
should be programmed on. It's fine to mine all of these nuances
to look for trends, etc., but it requires judgment and some amount
of risk. A dumb automaton is usually not this informed, and we
definitely do not want to promote the idea that you naively use
those clues as if they were not gameable.

      Mike
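The point Wietse makes above, as an added worked example that is not code from this thread or from any DKIM implementation: a small verifier that sorts a message into "pass" or one of the four non-pass buckets he lists (no signature, broken signature, unsupported signature, other failure), then two disposition policies, one that scores the buckets unequally and one that scores every non-pass result like an unsigned message. The attacker model is the one in the mail: pick whichever forgery the policy treats best. To run offline, HMAC-SHA256 with a constructed shared key stands in for the RSA/DNS step (an assumption of the example, not DKIM), the sample message is constructed, and `a=rsa-sha1` is used as the "unsupported" algorithm because RFC 8301 removed it.

```python
import base64
import hashlib
import hmac
import re

# Constructed key: HMAC stands in for RSA + DNS public key so this runs offline.
SIGNING_KEY = b"example-selector-key"
SUPPORTED_ALGS = {"rsa-sha256", "ed25519-sha256"}
REQUIRED_TAGS = ("v", "a", "b", "bh", "d", "h", "s")


def parse_tag_list(value):
    """Parse an RFC 6376 tag=value list; return None if it is malformed."""
    tags = {}
    for field in value.split(";"):
        if not field.strip():
            continue
        if "=" not in field:
            return None
        name, val = field.split("=", 1)
        tags[name.strip()] = re.sub(r"\s+", "", val)  # drop folding whitespace
    return tags


def canon_body(body):
    """'simple' body canonicalisation: CRLF lines, trailing empty lines removed."""
    body = body.replace("\r\n", "\n").replace("\n", "\r\n")
    return (re.sub(r"(\r\n)+$", "", body) + "\r\n").encode()


def body_hash(body):
    return base64.b64encode(hashlib.sha256(canon_body(body)).digest()).decode()


def header_blob(headers, h_tag):
    """Signed headers named in h=, in that order ('simple' canonicalisation)."""
    names = [n for n in h_tag.split(":") if n in headers]
    return "".join(f"{n}:{headers[n]}\r\n" for n in names).encode()


def sign(headers, body, alg="rsa-sha256"):
    """Build a DKIM-Signature value; b= covers the headers plus the sig with b= empty."""
    h = "from:subject"
    sig = f"v=1; a={alg}; d=example.com; s=sel; h={h}; bh={body_hash(body)}; b="
    mac = hmac.new(SIGNING_KEY, header_blob(headers, h) + sig.encode(), hashlib.sha256)
    return sig + base64.b64encode(mac.digest()).decode()


def verify(headers, body):
    """Return 'pass' or one of the four non-pass buckets from the thread."""
    raw = headers.get("dkim-signature")
    if raw is None:
        return "none"                       # no signature
    tags = parse_tag_list(raw)
    if tags is None or any(t not in tags for t in REQUIRED_TAGS) or tags["v"] != "1":
        return "other"                      # permerror: unparseable / incomplete
    if tags["a"] not in SUPPORTED_ALGS:
        return "unsupported"                # algorithm this verifier cannot check
    if tags["bh"] != body_hash(body):
        return "broken"                     # body changed after signing
    unsigned = re.sub(r"b=[^;]*$", "b=", raw)   # b= value removed before hashing
    mac = hmac.new(SIGNING_KEY, header_blob(headers, tags["h"]) + unsigned.encode(),
                   hashlib.sha256)
    try:
        got = base64.b64decode(tags["b"])
    except ValueError:
        return "other"
    return "pass" if hmac.compare_digest(mac.digest(), got) else "broken"


def constructed_message():
    """A genuinely signed sample message (constructed for this example)."""
    headers = {"from": " alice@example.com", "subject": " Invoice 42"}
    body = "Please pay the attached invoice.\n"
    headers["dkim-signature"] = sign(headers, body)
    return headers, body


def attacker_variants():
    """Forgeries a sender without the key can produce, one per bucket."""
    genuine, body = constructed_message()
    no_sig = {k: v for k, v in genuine.items() if k != "dkim-signature"}
    weak_alg = dict(no_sig)
    weak_alg["dkim-signature"] = genuine["dkim-signature"].replace("a=rsa-sha256", "a=rsa-sha1")
    garbage = dict(no_sig, **{"dkim-signature": "v=1; d=example.com"})
    return {
        "no signature": (no_sig, body),
        "broken signature": (dict(genuine), body + "Send to mule account.\n"),
        "unsupported signature": (weak_alg, body),
        "other failure": (garbage, body),
    }


# Disposition scores: higher is more favourable to the message.
UNEQUAL = {"pass": 3, "none": 1, "broken": 0, "unsupported": 2, "other": 2}
EQUAL = {"pass": 3, "none": 1, "broken": 1, "unsupported": 1, "other": 1}


def attacker_choice(policy):
    """The forgery an attacker sends under a policy: the highest-scoring one."""
    results = {n: verify(h, b) for n, (h, b) in attacker_variants().items()}
    best = max(results, key=lambda n: policy[results[n]])
    return best, results[best], policy[results[best]]
```

Under `UNEQUAL`, where the verifier is lenient with what it cannot check, `attacker_choice` returns the unsupported-algorithm forgery with a better score than plain unsigned mail, so the exception is exactly the path a forger takes. Under `EQUAL` no forgery scores above unsigned, which is the equal-treatment rule the thread argues for; the per-bucket labels remain available for the forensic mining Mike describes without feeding the automaton.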
_______________________________________________
NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
