On 7/25/10 5:48 PM, John Levine wrote:
>> I'm finally beginning to buy that something akin to DBR may be
>> necessary, but it's still weird to me that the point is that the
>> average sysadmin can't be trusted to do ADSP right. But then why,
>> for example, can he/she be trusted to do DNS or SMTP or even
>> TCP/IP right without some sort of vouching or reference service
>> asserting competence?
>
> It's a perfectly reasonable question. To me, the problem with ADSP
> is that if we imagine the process of delivering a message to be a
> running race, ADSP is a gun pointed at your foot offered to you at
> the finish line.
>
> As we all know, admins can and do screw up anything, but with most
> mistakes, the damage directly affects them. If you screw up your
> MX, your own incoming mail won't work. If you screw up your ADSP,
> your mail will work fine, while other people's mail systems will
> mysteriously lose mail.
For domains targeted in phishing attacks, ADSP allows system admins to
do it "right" only when no informal third-party service is ever used.
These informal services, such as mailing-lists, are not suitable for
transparent authorization, and result in message loss when the
"discardable" assertion is made. When "all" is made, results are not
actionable due to uncertainty from possible informal service use.
Unfortunately, the remedy recommended for informal services is to deploy
unprotected subdomains. This is clearly the "wrong" thing when
attempting to mitigate phishing. Such a tactic invites more phishing
and more victims amidst increased confusion.
A reputation or vouching service will be unable to properly determine a
domain's signing compliance, and whether informal third-party services
are ever used. Without a simple relationship assertion between targeted
domains and informal third-party services being supported, reputation
or vouching will also remain problematic, with blame merely being
redirected. Any recommendation from vouching or reputation services
would be "ready-fire-aim", with system admins' feet still suffering, but
now beyond their control, while phishing continues unabated.
The number of domains being phished takes the problem beyond the realm
of any effective manual response. A scheme that allows informal
third-party services, only after confirmation of a header field, allows
recipients a proactive means to recognize different message sources.
There is an article discussing this at:
http://us.trendmicro.com/imperia/md/content/us/trendwatch/researchandanalysis/64_avoiding_the_whack-a-mole_anti-phishing_strategy__july_22__2010_.pdf
-Doug
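The failure mode Doug describes above (a "discardable" assertion losing legitimate mail that passed through a mailing list, and an "all" assertion that leaves the receiver unable to tell a list rewrite from a forgery) can be shown with a small model of the ADSP (RFC 5617) receiver decision. This is an added example, not code from the list or from any of the posters. The DNS zone is an in-memory dict, the "DKIM signature" is a plain SHA-256 over Subject and body standing in for a real signature over a canonicalized message, and the mailing-list behaviour (Subject tag plus body footer, no re-signing as the author domain) is constructed; the record location `_adsp._domainkey.<domain>` and the tag values `unknown`, `all`, `discardable` are the ones ADSP defines.

```python
"""Toy model of ADSP (RFC 5617) disposition at a receiver.

Constructed for illustration: the zone is a dict, and the "signature"
is a SHA-256 digest rather than a real DKIM signature.  The decision
logic follows the ADSP practice values: unknown, all, discardable.
"""
import hashlib
from dataclasses import dataclass

# Constructed zone: ADSP records live at _adsp._domainkey.<author domain>.
CONSTRUCTED_ZONE = {
    "_adsp._domainkey.bank.example": "dkim=discardable",
    "_adsp._domainkey.corp.example": "dkim=all",
    # hobby.example publishes no record -> practice is "unknown"
}


@dataclass
class Message:
    author_domain: str   # domain of the From: address (ADSP author domain)
    subject: str
    body: str
    signature: str = ""  # toy stand-in for a DKIM-Signature header


def _digest(msg: Message) -> str:
    # Stand-in for the signed hash of a canonicalized message.
    return hashlib.sha256((msg.subject + "\n" + msg.body).encode()).hexdigest()


def sign(msg: Message) -> Message:
    """Author-domain signing: only the author domain can produce this."""
    msg.signature = _digest(msg)
    return msg


def signature_valid(msg: Message) -> bool:
    """A rewritten message no longer matches what was signed."""
    return bool(msg.signature) and msg.signature == _digest(msg)


def lookup_adsp(domain: str, zone=CONSTRUCTED_ZONE) -> str:
    """Return the dkim= practice for the domain, 'unknown' if none published."""
    txt = zone.get(f"_adsp._domainkey.{domain}")
    if txt is None:
        return "unknown"
    tags = dict(t.strip().split("=", 1) for t in txt.split(";") if "=" in t)
    return tags.get("dkim", "unknown")


def adsp_disposition(msg: Message) -> str:
    """What ADSP tells a receiver to do with this message."""
    if signature_valid(msg):
        return "deliver"        # valid author-domain signature; ADSP not needed
    practice = lookup_adsp(msg.author_domain)
    if practice == "discardable":
        return "discard"        # domain asked that unsigned/broken mail be dropped
    if practice == "all":
        return "suspicious"     # domain says it signs everything, but the receiver
                                # cannot distinguish a list rewrite from a forgery
    return "deliver"            # unknown: no practice asserted


def relay_through_list(msg: Message, tag="[dkim-list]", footer="\n-- list footer") -> Message:
    """Informal third-party service: rewrites Subject and body, keeps the
    original signature, and cannot re-sign as the author domain."""
    return Message(msg.author_domain, f"{tag} {msg.subject}", msg.body + footer, msg.signature)


def demo() -> dict:
    """For each domain: (direct signed mail, same mail via a list, an unsigned forgery)."""
    results = {}
    for domain in ("bank.example", "corp.example", "hobby.example"):
        direct = sign(Message(domain, "Hello", "meeting at noon"))
        via_list = relay_through_list(direct)
        forged = Message(domain, "Reset your password", "click here")  # constructed, unsigned
        results[domain] = (adsp_disposition(direct),
                           adsp_disposition(via_list),
                           adsp_disposition(forged))
    return results


if __name__ == "__main__":
    for domain, (direct, via_list, forged) in demo().items():
        print(f"{domain:14} direct={direct:8} via_list={via_list:10} forged={forged}")
```

Running `demo()` shows the two halves of the argument side by side: for `bank.example` the list copy and the forgery both come back `discard`, so legitimate list traffic is lost; for `corp.example` both come back `suspicious`, so the receiver has learned nothing it can act on. Only the unsigned-but-unasserted `hobby.example` delivers everything, which is the "unprotected subdomain" outcome the message argues against.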
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html