-----Original Message-----
From: ietf-dkim-bounces(_at_)mipassoc(_dot_)org
[mailto:ietf-dkim-bounces(_at_)mipassoc(_dot_)org] On Behalf Of Steve Atkins
Sent: Friday, February 08, 2008 3:56 PM
To: DKIM List
Subject: Re: [ietf-dkim] draft-ietf-dkim-ssp-02.txt Discardable/Exclusive
On Feb 8, 2008, at 12:18 PM, MH Michael Hammer (5304) wrote:
It's an assertion that the sender would prefer that the recipient not deliver some small fraction of legitimate email as well as some small fraction of illegitimate email, rather than delivering those small fractions of legitimate and illegitimate email.
I'm not sure that I would agree with framing it as "some small fraction of illegitimate email". Tracking phishing attacks against our brands since we have started signing, a receiver checking DKIM and/or SPF would have easily identified 100% of those fraudulent emails.
You're tracking at the wrong thing then, clearly.
Checking my personal mailbox for mails using your brand:
From: AmericanGreetings.com <duhv(_at_)mailcity(_dot_)com>
From: americangreetings.com <yks(_at_)mcelectric(_dot_)com>
From: "americangreetings.com" <art(_at_)jeri(_dot_)com>
From: "AmericanGreetings.Com" <nceg(_at_)planet(_dot_)nl>
From: "americangreetings.com" <zzp(_at_)kent(_dot_)edu>
From: "AmericanGreetings.Com" <bxe(_at_)37(_dot_)com>
From: "AmericanGreetings.Com" <uubx(_at_)bergercpa(_dot_)com>
From: "AmericanGreetings.Com" <hvxi(_at_)shwgroup(_dot_)com>
From: "americangreetings.com" <alht(_at_)motoconcess(_dot_)com>
There were also dozens of other mails that used the americangreetings.com brand in the body or subject of the message, but not in the From: field.

So, in the data I'm looking at, the "small fraction of illegitimate mail" that would have been caught by SSP or anything similar would be 0%.

(None of the americangreetings related stuff is actually "phishing", of course, but many of the issues are quite similar to those of brands that actually are phished).
I'm referring to mail that would be checked by DKIM against the From
email address (not the pretty name). My bad for assuming the scope of
the discussion was limited to what DKIM and DKIM-SSP can actually
address. If that isn't the scope then we might as well say that
asserting something in SSP doesn't stop people from speeding in
automobiles. This isn't about silver bullets. DKIM addresses particular
issues. If you prefer a constraining "where" clause then consider any of
my comments on the list as constrained by "For those things addressed
through the use of DKIM signing and DKIM-SSP.....". Having said that,
there are receivers out there that do look for mismatches between From
pretty name and email address or mismatched links in the body of the
email. This is one of the reasons that we have structured our emails the
way we have. If there were a mechanism that allowed me to automatically
communicate this I would do a little jig. Instead I have one-on-one
discussions with various receivers.
I use the term phishing because APWG and others feel that the term is
inclusive of these sorts of activities (malware links, etc). As with
other terminology I'm perfectly willing to use other terms that might be
commonly accepted.
In the sender's opinion, it is more important that mail claiming to be from them not be delivered than for it to be delivered.
I think a more appropriate phrasing would be:

"In the sender's opinion, it is more important that mail claiming to be from them and not conforming to certain parameters not be delivered than for it to be delivered - even at the risk of some legitimate mail being discarded."
That's a less clear way of saying much the same thing. You want recipients to not deliver some small subset of the mail that uses your brand without your permission, even at the cost of not delivering some small subset of mail using your brand with your permission.
The assertions you are looking at are not the ones we seek within
DKIM-SSP. I'd be perfectly willing to see a broader means of making
assertions that would protect against other forms of abuse of our
brands....as far as I know those are out of the scope of the discussion
here.
Mike
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
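The disagreement above comes down to which part of the From: header a DKIM/SSP check can see. DKIM signs and SSP publishes policy for the domain of the From: *address*; the display name ("pretty name") is invisible to both, which is why the nine From: lines Steve quotes score 0% against SSP while a receiver's display-name heuristic (the kind Mike says he negotiates one-on-one with receivers) catches all of them. The following is an added example, not code from either poster or from any DKIM implementation: it splits each From: line into display name and address, decides whether the address domain is one a brand's SSP record would cover, and otherwise flags a brand-looking domain that appears only in the display name. The brand domain list, the subdomain rule, and the two extra sample senders are assumptions; the nine spam From: lines are the ones quoted in the thread, written with plain "@" and "." instead of the archive's obfuscation.

```python
import re
from email.utils import parseaddr

# Assumption: the only domain covered by a brand's DKIM/SSP policy.
# A real deployment would load this from configuration.
BRAND_DOMAINS = ("americangreetings.com",)

# Matches something that looks like a DNS name inside a display name,
# e.g. "AmericanGreetings.Com" once lower-cased.
_DOMAIN_TOKEN = re.compile(r"\b[a-z0-9-]+(?:\.[a-z0-9-]+)+\b")


def _under_brand(domain):
    """True if domain is a brand domain or a subdomain of one (assumed rule)."""
    domain = domain.lower()
    return any(domain == b or domain.endswith("." + b) for b in BRAND_DOMAINS)


def classify_from(header_value):
    """Classify a raw From: header value.

    'address-domain'    the address domain is the brand's, so the message
                        is in scope for DKIM signing and an SSP policy;
    'display-name-only' the display name names the brand but the address
                        domain belongs to someone else, which SSP never sees;
    'unrelated'         neither the address nor the display name uses the brand.
    """
    name, addr = parseaddr(header_value)
    addr_domain = addr.rpartition("@")[2].lower()
    if addr_domain and _under_brand(addr_domain):
        return "address-domain"
    for token in _DOMAIN_TOKEN.findall(name.lower()):
        if _under_brand(token):
            return "display-name-only"
    return "unrelated"


def tally(headers):
    """Count how many From: lines fall into each class."""
    counts = {"address-domain": 0, "display-name-only": 0, "unrelated": 0}
    for header in headers:
        counts[classify_from(header)] += 1
    return counts


# Constructed sample: the nine From: lines quoted in the thread, plus one
# legitimate-looking brand sender and one unrelated sender (both assumed).
SAMPLE_FROM_LINES = [
    "AmericanGreetings.com <duhv@mailcity.com>",
    "americangreetings.com <yks@mcelectric.com>",
    '"americangreetings.com" <art@jeri.com>',
    '"AmericanGreetings.Com" <nceg@planet.nl>',
    '"americangreetings.com" <zzp@kent.edu>',
    '"AmericanGreetings.Com" <bxe@37.com>',
    '"AmericanGreetings.Com" <uubx@bergercpa.com>',
    '"AmericanGreetings.Com" <hvxi@shwgroup.com>',
    '"americangreetings.com" <alht@motoconcess.com>',
    "AmericanGreetings.com <ecards@mail.americangreetings.com>",  # assumed legitimate
    "Bob <bob@example.com>",                                     # assumed unrelated
]

if __name__ == "__main__":
    for header in SAMPLE_FROM_LINES:
        print(f"{classify_from(header):18} {header}")
    print(tally(SAMPLE_FROM_LINES))
```

Run as a script it prints one line per sample and then the tally. Only the assumed legitimate sender lands in `address-domain`, the class an SSP record can speak to; all nine quoted spam lines land in `display-name-only`, so a receiver applying SSP alone would discard none of them, while a receiver that also runs this display-name check would flag every one. Note that the check is a heuristic a receiver chooses to apply, not something the sending domain can assert through DKIM or SSP, which is exactly the gap Mike describes.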