50% of the spam we see is RFC-compliant DKIM signed. DKIM isn't the issue in
your example; it's the operator and how they determine reputation.
On Oct 11, 2010, at 9:23 PM, Hector Santos wrote:
Dave CROCKER wrote:
On 10/11/2010 3:05 PM, Wietse Venema wrote:
If you believe that sending mail with a valid bad guy signature is
an interesting attack on DKIM, then that implies that you're willing
to believe mail that is signed by arbitrary strangers.
Well...
But it's not an attack on DKIM.
It's not really an 'attack' on anything, but the most one could claim is that
it's an attack on the recipient's reputation database, or failure to use one.
The DKIM part is used correctly and works fine. So there's no 'attack'.
That's "poster framing" material.
I sure hope you are right. After all, President Obama did get by your
defenses on your list.
No Signature, Double From ---> Trapped/rejected by mipassoc.org
DKIM signed Double From ----> Accepted, Resigned by mipassoc.org
So without DKIM, 100% RFC5322 compliant - trapped multiple 5322.From
headers. With DKIM, there is a loophole. Go figure.
Let's hope this DKIM exploit does not become commonplace and surprise
a bunch of layman operators. At that point, you can say you were aware
of it.
--
Hector Santos, CTO
http://www.santronics.com
http://santronics.blogspot.com
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
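The loophole Hector describes is that a valid signature says nothing about whether the message is structurally sane, so a receiver that lets a DKIM pass short-circuit its header checks will accept a message RFC 5322 forbids. The following is an added example, not code from the thread or from mipassoc.org's filter: it runs the "exactly one From" check before the DKIM verdict is even consulted, and separately reports whether the signer over-signed From (listing it in h= more times than it occurs, the guard RFC 6376 section 5.4 describes), which makes an added From header break the signature. The three messages are constructed, and DKIM verification itself is stubbed as a boolean input.

```python
"""Header sanity checks that run independently of a DKIM verdict.

Added example (not code from the mailing-list thread). The sample
messages are constructed; DKIM verification is represented by the
`dkim_valid` flag so the point stays visible: a valid signature must
not bypass the one-From rule of RFC 5322.
"""
from email import message_from_string
from email.message import Message

# Constructed sample: one From header, signed, h= lists From once.
SINGLE_FROM = """\
DKIM-Signature: v=1; a=rsa-sha256; d=example.com; s=sel; h=From:To:Subject;
 bh=placeholder; b=placeholder
From: alice@example.com
To: list@example.org
Subject: hello

body
"""

# Constructed sample: the shape from the thread, two From headers under a
# signature that (we assume) still validates because the signer covered
# only one From instance.
DOUBLE_FROM = """\
DKIM-Signature: v=1; a=rsa-sha256; d=example.com; s=sel; h=From:To:Subject;
 bh=placeholder; b=placeholder
From: spoofed@example.net
From: alice@example.com
To: list@example.org
Subject: hello

body
"""

# Constructed sample: signer over-signed From (listed twice in h= for a
# single occurrence), so any later-added From invalidates the signature.
OVERSIGNED = """\
DKIM-Signature: v=1; a=rsa-sha256; d=example.com; s=sel; h=From:From:To:Subject;
 bh=placeholder; b=placeholder
From: alice@example.com
To: list@example.org
Subject: hello

body
"""


def signed_header_counts(msg: Message) -> dict:
    """Count how many times each field name appears in the DKIM h= tag."""
    sig = msg.get("DKIM-Signature", "")
    counts = {}
    # Unfold the header before splitting tag=value pairs on ';'.
    for tag in sig.replace("\r\n", "").replace("\n", "").split(";"):
        name, _, value = tag.strip().partition("=")
        if name.strip().lower() == "h":
            for field in value.split(":"):
                f = field.strip().lower()
                if f:
                    counts[f] = counts.get(f, 0) + 1
    return counts


def from_is_oversigned(msg: Message) -> bool:
    """True when h= lists From more often than the message carries it,
    i.e. the signer guarded against a From header being added later."""
    counts = signed_header_counts(msg)
    present = len(msg.get_all("From", []))
    return counts.get("from", 0) > present


def admission_verdict(raw: str, dkim_valid: bool) -> str:
    """Structural checks first; the DKIM result only matters for a
    message that is already well-formed."""
    msg = message_from_string(raw)
    froms = msg.get_all("From", [])
    if len(froms) != 1:
        return "reject: %d From headers (RFC 5322 allows exactly one)" % len(froms)
    if dkim_valid:
        return "accept: signed, single From"
    return "neutral: unsigned, single From"


if __name__ == "__main__":
    for label, raw in (("single", SINGLE_FROM), ("double", DOUBLE_FROM),
                       ("oversigned", OVERSIGNED)):
        msg = message_from_string(raw)
        print(label, admission_verdict(raw, dkim_valid=True),
              "| From over-signed:", from_is_oversigned(msg))
```

The ordering in `admission_verdict` is the whole point: the double-From message is rejected with `dkim_valid=True` exactly as it would be unsigned, so the signature buys the sender nothing. `from_is_oversigned` is a signer-side complement; a list that resigns outbound mail can list From twice in h= so a downstream hop cannot add one without breaking the resigned signature.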