In my view, security has taken the back seat in DKIM. As a feature or
option, Author Domain Policy MUST be part of the package before "it is
shipped."
If you are interested in the federal and industry concerns in how there is
a lack of security, thumbing down of security, not patching of known
issues, the lack of disclosure and the need for "Security By Design",
then get some coffee, sit back and watch this Congressional Hearing
video on CSPAN2:
http://www.c-spanvideo.org/program/DataT
Also see this article in how depending on a SINGLE TRUSTED SIGNER can
be affected when SECURITY is thrown by the DKIM wayside - see item
#1 and #2 below:
http://www.280group.com/blog/?p=1330
What does this mean for the affected companies?
(1) Time to get a new online marketing vendor.
(2) A probable loss in the effectiveness of your
online marketing campaigns, at least for email, and
(3) it is important to get out in front of this issue, so
your customers don’t get victimized by scams.
Ironically, in the congressional hearing, one representative suggested
the idea of a "Turn off Switch" - ADSP would be perfect to turn off
or revoke a trusted signer who was breached.
--
Hector Santos, CTO
http://www.santronics.com
http://santronics.blogspot.com
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html