On Fri, 13 Jun 2008 18:32:07 +0100, Douglas Otis <dotis(_at_)mail-abuse(_dot_)org> wrote:
> A Practice should be defined by its specification to cover specific
> transport protocols when being asserted by transmitting domains. It
> is unreasonable to suggest all transport protocols that might ever use
> DKIM must employ DKIM at the same level before an ADSP assertion can
> be made. When only SMTP messages uniformly employ DKIM, then defining
> ADSP as only covering SMTP permits an assertion specific to messages
> introduced by the domain over SMTP. ...
But it also permits every scammer to pretend that his messages were not
really SMTP messages at all, and thus to have them passed through
Verifiers unscathed.
Thus if we do as you propose (which seems to be to omit the domain
existence check) then there will be no point whatsoever in deploying ADSP
at all. However, it seems that the consensus is that such a check is
essential (there is room for discussion for its details), and hence your
idea is already rejected by this WG - unless you can come up with a way of
avoiding this problem.
> ... The assertion would be silent as
> to whether NNTP might employ DKIM, for example.
It has nothing to do with whether NNTP employs DKIM. If someone writes a
Usenet article (unsigned) with
From: someone(_at_)foo(_dot_)remove-this-when-replying(_dot_)com
(which is quite a common practice to avoid scraping of the address by
spammers), and if that message is subsequently gatewayed into email
(again a fairly common practice), then a vigilant email Verifier is likely
to discard it. I see no way to avoid that, and it is the price we have to
pay for better security in the email world.
As a slight amelioration of that position, if mungers could be persuaded to
write their From addresses as
From: someone(_at_)foo(_dot_)remove-this-when-replying(_dot_)com(_dot_)invalid
(which I would regard as best practice anyway), then verifiers might be
permitted to pass that case.
> Discerning whether a message was "intended" to be carried by SMTP
> remains a problem for receivers.
Indeed. But if you cannot provide a method for such discernment, then we
are forced to assume that they _were_ so intended, otherwise ADSP is
useless.
--
Charles H. Lindsey ---------At Home, doing my own thing------------------------
Tel: +44 161 436 6131
Web: http://www.cs.man.ac.uk/~chl
Email: chl(_at_)clerew(_dot_)man(_dot_)ac(_dot_)uk Snail: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K.
PGP: 2C15F1A9 Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html