Hector Santos wrote:
Sent: Friday, January 25, 2008 12:55 PM
To: Frank Ellermann
Cc: ietf-dkim(_at_)mipassoc(_dot_)org
Subject: Re: [ietf-dkim] SSP vs. reputation
Oh I see, you are "redirecting" the original mail to someone
else as if it was "new."
You are not using the FORWARDING features of the MUA.
Well, I think I would prefer the protection here because even
though you are a GOOD GUY, if we allow this loophole, the bad
guy will exploit it.
Absolutely true.
The end result is that if you see my messages are "special",
then you know that you can't "resend" it as "me."
All your messages are special!
Your MUA should tell ya
"Sorry, you can't do this. This message is Special."
I agree that a well behaved MUA would do this. BAD MUA! BAD!
We can't have it both ways. The same way of doing things and
expect to get the security we are seeking.
+1
Found this interesting article which is germane even if I don't agree
with the authors conclusion and desire to pull an "Al Hague".
E-mail and its security discontents
Why Microsoft, Cisco, IBM and others need to step up to protect SMTP
http://www.arnnet.com.au/index.php/id;1603491549
Something has to give and this one is perfectly acceptable to
me because it helps secured my domains as I intended it to be
secured with a DKIM=STRICT.
And this desire for protection grows as we all run in circles. The other
day I was going through some boxes that had been sitting in my basement
for a (long) while. Found a box filled with internet industry magazines
from the mid-to-late 1990s. With only a few tweaks the articles and
letters to the editor related to abusive email would be applicable
today.
Food for thought.
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html