ietf-dkim

Re: [ietf-dkim] General Feedback loop using DKIM

2009-06-16 17:23:47
I had to reread a bit the proposal, but I think specifying clearly that these 
tags are for the DNS part of the DKIM record would help, just to make it 
crystal clear. Putting this information in the DKIM signature header is not the 
right place as it could lead to false reports due to fake signatures. 

The proposal is to request an email is sent when the signature fails. I would 
extend the proposal to send an email (at the liberty of the receiver) when the 
signature passes for the following conditions: 
- the email contained a virus/malware/phishing 
- the email was delivered in the junk folder / suppressed 
- the email was flagged as spam by the receiver. 

Appropriate text in the ARF report would need to match the above conditions. 

I'm worried that sending an email when the signature fails could be triggered 
by forged emails rather than by emails that contain DKIM errors. DKIM being 
clearly defined, a DKIM signed email should be correct/wrong regardless of the 
destination. Easy to test the DKIM signature pass on a couple of DKIM 
reflectors. Therefore reports due to a failed signature would indicate only 
forged emails. I'm not sure what information a sender gains by knowing someone 
is forging its signature? 

----- Original Message ----- 
From: "Murray S. Kucherawy" <msk(_at_)cloudmark(_dot_)com> 
To: "Franck Martin" <franck(_at_)genius(_dot_)com>, 
ietf-dkim(_at_)mipassoc(_dot_)org 
Sent: Monday, 15 June, 2009 12:06:04 PM GMT +01:00 Amsterdam / Berlin / Bern / 
Rome / Stockholm / Vienna 
Subject: RE: [ietf-dkim] General Feedback loop using DKIM 




There’s a draft proposal out to add a new tag to keys for doing this. See 
draft-kucherawy-dkim-reporting. 






From: ietf-dkim-bounces(_at_)mipassoc(_dot_)org 
[mailto:ietf-dkim-bounces(_at_)mipassoc(_dot_)org] On Behalf Of Franck Martin 
Sent: Thursday, June 11, 2009 6:04 AM 
To: ietf-dkim(_at_)mipassoc(_dot_)org 
Subject: Re: [ietf-dkim] General Feedback loop using DKIM 




Reviewing a bit the discussion, I see a technical solution would be to use the 
n: tag of the dkim signature to indicate where ARF report should be sent if the 
receiver wants to do that. 

So the n: tag in the dns could contain something like 
{fbl:fblmailbox(_at_)example(_dot_)com}, this would give a hint that the sender 
is processing FBL and where ARF reports should be sent. 
[…] 

_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html
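
An added example, not part of the thread or of any draft: a receiver-side sketch of the idea discussed above, reading the feedback-loop mailbox only from the DNS key record and reporting only when the signature passed and the message was flagged. The `{fbl:...}` syntax inside the notes tag is the thread's suggestion (written `n=` here, as tags appear in a key record); the function names, verdict labels and sample record are hypothetical.

```python
import re

# Constructed sample key record (TXT at <selector>._domainkey.<domain>).
# The {fbl:...} hint inside n= follows the thread's suggestion; it is not a standard.
SAMPLE_KEY_RECORD = (
    "v=DKIM1; k=rsa; n={fbl:fblmailbox@example.com}; "
    "p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB"
)

FBL_HINT = re.compile(r"\{fbl:([^{}\s@]+@[^{}\s@]+)\}")
# Hypothetical labels for the three conditions listed in the reply.
REPORTABLE = {"malware", "junk", "spam"}


def parse_tag_list(record):
    """Split a DKIM tag=value list into a dict, skipping empty segments."""
    tags = {}
    for part in record.split(";"):
        name, sep, value = part.partition("=")
        if sep and name.strip():
            # Keep the first occurrence of a tag name; later duplicates are ignored.
            tags.setdefault(name.strip(), value.strip())
    return tags


def fbl_address(key_record):
    """Return the mailbox hinted in the key record's n= tag, or None."""
    match = FBL_HINT.search(parse_tag_list(key_record).get("n", ""))
    return match.group(1) if match else None


def report_target(key_record, signature_passed, verdict):
    """Return the ARF destination, or None when no report should be sent.

    The address is taken only from the DNS key record, and only after the
    signature verified, so a forged signature cannot steer reports anywhere.
    """
    if not signature_passed or verdict not in REPORTABLE:
        return None
    return fbl_address(key_record)


if __name__ == "__main__":
    print(report_target(SAMPLE_KEY_RECORD, True, "spam"))
    print(report_target(SAMPLE_KEY_RECORD, False, "spam"))
```
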