ietf-dkim

Re: [ietf-dkim] Clarifying DKIM (etc.) expectations for mailing lists in the face of digests

2010-08-04 13:54:32
I've seen spam with List-ID: headers, but I don't think they were of the type I 
described. If messages that (look like they) come from mailing lists are less 
likely to be blocked by filters (whether this is because of DKIM or for some 
other reason), I'm sure spammers will one day make use of it.

To me this means two things:
a) as a receiver (i.e. filter) you should never second-guess why a DKIM 
signature is broken (I don't think anyone ever suggested one should);
b) as a sender, if your mail is so important that it should be discarded if the 
DKIM signature is broken, don't send it through systems that are likely to 
break it.

Martijn.


-----Original Message-----
From: Dave CROCKER [mailto:dcrocker(_at_)bbiw(_dot_)net]
Sent: 04 August 2010 18:35
To: Martijn Grooten
Subject: Re: [ietf-dkim] Clarifying DKIM (etc.) expectations for
mailing lists in the face of digests


That sounds like a theoretical attack.  Are there examples of this being
done in the wild?  Do the examples demonstrate actual utility?

d/

On 8/4/2010 10:29 AM, Martijn Grooten wrote:
What is the security model that makes this expectation of preservation
important and reasonable, given that it is so easily and whimsically
violated by a common recipient-selectable setting?

There's a scenario where a spammer/phisher sets up a mailing list,
adds a bunch of addresses to the list and then sends a message with a
paypal.com From: address through the list. The DKIM signature will
obviously be invalid, but an MTA/spam filter won't be able to decide
whether this is because the message didn't really come from Paypal, or
because it did but the mailing list broke it.

Martijn.

Virus Bulletin Ltd, The Pentagon, Abingdon, OX14 3YP, England.
Company Reg No: 2388295. VAT Reg No: GB 532 5598 33.


--

   Dave Crocker
   Brandenburg InternetWorking
   bbiw.net


_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html
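
The receiver's side of the scenario discussed in this thread, as an added example that is not part of the original messages: a genuine message whose signature a list broke and a forged one sent through a list look the same to a filter, so only a policy that ignores the presumed cause treats both safely. It assumes the receiver's own MTA records the DKIM result in an Authentication-Results header; the domains, sample messages and both policy functions are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample messages; all domains are placeholders.
GENUINE_VIA_LIST = """\
Authentication-Results: mx.receiver.example; dkim=fail header.d=bank.example
From: Bank <service@bank.example>
List-Id: <users.list.example>
Subject: [users] Your statement

Body with a list footer appended, which broke the body hash.
"""

FORGED_VIA_LIST = """\
Authentication-Results: mx.receiver.example; dkim=fail header.d=bank.example
From: Bank <service@bank.example>
List-Id: <users.list.example>
Subject: [users] Verify your account

Body written by the list owner, carrying a made-up signature header.
"""

# Pulls (result, signing domain) pairs out of an Authentication-Results header.
DKIM_RE = re.compile(r"dkim=(\w+)[^;]*?header\.d=([\w.-]+)", re.I)

def receiver_view(raw):
    """What the filter can observe: (author domain, author signature verified, has List-Id)."""
    msg = message_from_string(raw)
    author = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    verified = any(
        result.lower() == "pass" and domain.lower() == author
        for header in msg.get_all("Authentication-Results", [])
        for result, domain in DKIM_RE.findall(header)
    )
    return author, verified, msg.get("List-Id") is not None

def lenient_policy(view):
    """Hypothetical filter that excuses a broken signature on list mail."""
    _, verified, on_list = view
    return "trusted" if verified or on_list else "unsigned"

def strict_policy(view):
    """Point (a): a broken signature earns nothing, whatever the likely cause."""
    _, verified, _ = view
    return "trusted" if verified else "unsigned"
```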