ietf-dkim
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [ietf-dkim] draft-ietf-dkim-ssp-02.txt Discardable/Exclusive

2008-02-08 14:00:59
from [Steve Atkins] [Permanent Link] 

On Feb 8, 2008, at 12:18 PM, MH Michael Hammer (5304) wrote:



It's an assertion that the sender would prefer that the
recipient not deliver some small fraction of legitimate email
as well as some small fraction of illegitimate email, rather
than delivering those small fractions of legitimate and
illegitimate email.
I'm not sure that I would agree with framing it as "some small fraction 
of illegitimate email". Tracking phishing attacks against our brands
since we have started signing, a receiver checking DKIM and/or SPF would 
have easily identified 100% of those fraudulent emails.


You're tracking at the wrong thing then, clearly.

Checking my personal mailbox for mails using your brand:

From: AmericanGreetings.com <duhv(_at_)mailcity(_dot_)com>
From: americangreetings.com <yks(_at_)mcelectric(_dot_)com>
From: "americangreetings.com" <art(_at_)jeri(_dot_)com>
From: "AmericanGreetings.Com" <nceg(_at_)planet(_dot_)nl>
From: "americangreetings.com" <zzp(_at_)kent(_dot_)edu>
From: "AmericanGreetings.Com" <bxe(_at_)37(_dot_)com>
From: "AmericanGreetings.Com" <uubx(_at_)bergercpa(_dot_)com>
From: "AmericanGreetings.Com" <hvxi(_at_)shwgroup(_dot_)com>
From: "americangreetings.com" <alht(_at_)motoconcess(_dot_)com>
There were also dozens of other mails that used the americangreetings.com brand in the body or subject of the message, but not in the From: field.
So, in the data I'm looking at, the "small fraction of illegitimate mail" that would have been caught by SSP or anything similar would be 0%.
(None of the americangreetings related stuff is actually "phishing", of course, but many of the issues are quite similar to those of brands that actually are phished). 


In the senders opinion, it is more important that mail
claiming to be from them not be delivered than for it to be delivered. 



I think a more appropriate phrasing would be:

"In the senders opinion, it is more important that mail claiming to be
from them and not conforming to certain parameters not be delivered than for it to be delivered - even at the risk of some legitimate mail being 
discarded."
That's a less clear way of saying much the same thing. You want recipients to not deliver some small subset of the mail that uses your brand without your permission, even at the cost of not delivering some small subset of mail using your brand with your permission. 


The english meaning of "discardable" matches the semantics
pretty well. If we want implementors to easily understand and
deploy the specification, and more importantly the limits of
them doing so, thats fairly important.


Cheers,
  Steve

_______________________________________________
NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [ietf-dkim] draft-ietf-dkim-ssp-02.txt Discardable/Exclusive, Steve Atkins
Next by Date:  RE: [ietf-dkim] draft-ietf-dkim-ssp-02.txt Discardable/Exclusive, MH Michael Hammer (5304)
Previous by Thread:  RE: [ietf-dkim] draft-ietf-dkim-ssp-02.txt Discardable/Exclusive, MH Michael Hammer (5304)
Next by Thread:  RE: [ietf-dkim] draft-ietf-dkim-ssp-02.txt Discardable/Exclusive, MH Michael Hammer (5304)
Indexes:  [Date] [Thread] [Top] [All Lists]