ietf-dkim

Re: [ietf-dkim] Re: Adding SMTP client Requirements

2007-05-29 11:55:46
Hi Doug,
At 14:27 27-05-2007, Douglas Otis wrote:
As with any path registration scheme, paths must be known
beforehand.  The DOSP scheme scales to accommodate _any_ number of
paths.

That would be like SPF.

Administrators could ask users to volunteer this information, or
administrators could establish a forwarding service as a last leg of
forwarded messages.  Those wanting this accommodation could be prone
to more spam when their account is discovered, but the risk would only
affect these users.

It's an administrative burden.  We can always tell which path a mail may take.

This domain currently does not use DKIM, but assume that it did.
Their DOSP records would indicate their authorized SMTP clients for
originating SMTP MAIL FROM, and DKIM signatures.  These records could
be checked for messages not specifically addressed to the SMTP RCPT TO.

A message that is BCC to you can still be confirmed as authorized
when received from a DOSP SMTP client.  Unless bad-actors have
specific knowledge of provisions accommodating forwarded messages, or
access to the authorized SMTP clients, they would have no ability to
avoid mitigations in place preventing abusive replay.

The concept is rather simple.  The bad-actor is a normal user of
mail-abuse.org and sends themselves messages to other accounts.
Mail-abuse.org rate limits accounts and promptly disables accounts
reported and confirmed as abusive.

You can have the same functionality with per-user keys without placing any restriction on forwarding.

When DKIM serves as a basis for acceptance, without replay abuse
mitigation, the bad-actor is still able to continue sending these
messages to anyone and everyone until signatures expire.  They may
have hundreds of such messages.  If mail-abuse.org grants public
access to their service, the bad-actor could re-enroll and continue
this behavior non-stop.  Replay abuse mitigation will become

Your proposal does not prevent the bad actor from re-enrolling.

Regards,
-sm
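Added example, not part of the thread and not code from either author: a simplified DKIM-style sign/verify in Go that shows what the per-user keys remark above means in practice. The assumptions are mine: one selector per user under example.org, an in-memory map standing in for the DNS key records, and a cut-down canonicalization that is not RFC 4871 conformant (the message and key names are constructed sample data). The abuser's replayed copy, passed on through another relay that adds a Received header, still verifies until the operator withdraws that one selector; afterwards it fails, another user's mail under its own selector still verifies, and no restriction on forwarding was needed.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"fmt"
	"strings"
)

// Message is a minimal mail: header lines ("Name: value") in order, plus the body.
type Message struct{ Headers []string; Body string }

// signedHeaders is the h= list. Received is deliberately absent, so a forwarder may
// prepend trace headers without invalidating the signature.
var signedHeaders = []string{"From", "To", "Subject"}

func header(m Message, name string) string {
	for _, h := range m.Headers {
		if k, v, ok := strings.Cut(h, ":"); ok && strings.EqualFold(k, name) {
			return strings.TrimSpace(v)
		}
	}
	return ""
}

// canon hashes the signed input: lowercased names and trimmed values of the h= headers, then
// the DKIM-Signature value with b= emptied. A cut-down stand-in for RFC 4871 relaxed
// canonicalization, enough to show the mechanics; it is not a conforming implementation.
func canon(m Message, sig string) []byte {
	var b strings.Builder
	for _, n := range signedHeaders {
		fmt.Fprintf(&b, "%s:%s\r\n", strings.ToLower(n), header(m, n))
	}
	b.WriteString("dkim-signature:" + sig[:strings.Index(sig, "; b=")+4])
	sum := sha256.Sum256([]byte(b.String()))
	return sum[:]
}

// Sign prepends a DKIM-Signature header under the given domain and selector.
func Sign(m Message, domain, selector string, key *rsa.PrivateKey) (Message, error) {
	bh := sha256.Sum256([]byte(m.Body))
	unsigned := fmt.Sprintf("v=1; a=rsa-sha256; d=%s; s=%s; h=%s; bh=%s; b=", domain, selector,
		strings.ToLower(strings.Join(signedHeaders, ":")), base64.StdEncoding.EncodeToString(bh[:]))
	sig, err := rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, canon(m, unsigned))
	if err != nil {
		return m, err
	}
	hdr := "DKIM-Signature: " + unsigned + base64.StdEncoding.EncodeToString(sig)
	return Message{Headers: append([]string{hdr}, m.Headers...), Body: m.Body}, nil
}

// Verify checks the body hash and the RSA signature against the key published for the
// selector. keys stands in for DNS, keyed "<selector>._domainkey.<domain>"; a withdrawn
// selector fails before any crypto runs, and that lookup failure is the revocation.
func Verify(m Message, keys map[string]*rsa.PublicKey) error {
	sig := header(m, "DKIM-Signature")
	t := map[string]string{} // the signature's tag=value pairs
	for _, p := range strings.Split(sig, ";") {
		if k, v, ok := strings.Cut(strings.TrimSpace(p), "="); ok {
			t[k] = v
		}
	}
	pub, ok := keys[t["s"]+"._domainkey."+t["d"]]
	if !ok {
		return fmt.Errorf("no key published for selector %q (unsigned or revoked)", t["s"])
	}
	bh := sha256.Sum256([]byte(m.Body))
	if base64.StdEncoding.EncodeToString(bh[:]) != t["bh"] {
		return fmt.Errorf("body hash mismatch")
	}
	raw, _ := base64.StdEncoding.DecodeString(t["b"]) // a malformed b= simply fails below
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, canon(m, sig), raw)
}

// Scenario plays out the thread's replay case on constructed data. Assumption: one selector
// per user at example.org, so one user's key can be withdrawn without touching anyone else's.
// Returns the abuser's replay result before and after withdrawal, then another user's result.
func Scenario() (replayBefore, replayAfter, otherAfter error) {
	alice, _ := rsa.GenerateKey(rand.Reader, 2048)
	bob, _ := rsa.GenerateKey(rand.Reader, 2048)
	keys := map[string]*rsa.PublicKey{"alice._domainkey.example.org": &alice.PublicKey,
		"bob._domainkey.example.org": &bob.PublicKey}
	orig := Message{Headers: []string{"From: alice@example.org", "To: alice@example.org", "Subject: great offer"}, Body: "Buy now.\r\n"}
	signed, _ := Sign(orig, "example.org", "alice", alice)
	// Replay: the abuser resubmits the signed copy to new RCPT TOs via a relay that prepends a trace header.
	replay := Message{Headers: append([]string{"Received: from relay.example.net"}, signed.Headers...), Body: signed.Body}
	replayBefore = Verify(replay, keys)
	delete(keys, "alice._domainkey.example.org") // operator disables the reported account
	replayAfter = Verify(replay, keys)
	bobMail, _ := Sign(Message{Headers: []string{"From: bob@example.org", "To: carol@example.com", "Subject: hi"}, Body: "hello\r\n"}, "example.org", "bob", bob)
	otherAfter = Verify(bobMail, keys)
	return
}

func main() { fmt.Println(Scenario()) }
```

Run it with go run; the three printed values are the verification results in the order the Scenario comment gives. The only action the operator takes is removing one selector record, which is what disabling the account amounts to when keys are per user; the forwarder's added Received header is outside h= and so never enters the question.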
_______________________________________________
NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html