Andrew Newton wrote:
To answer a, I believe we are better served simply by giving a
straight-forward answer: the purpose of DKIM is to prevent forgery of
email identities in the headers of email messages.
I translate this as even more simple minded than that: what are the
attack vectors
that trivially forgeable origination addresses provide:
1) Use of domain names without the knowledge or permission of the domain
in question; if nothing else, the misrepresentation is an attack
even if
the intent is benign.
2) Damage to reputation of the domain due to receivers believing that the
originating domain is at fault (often times spam)
3) Make-work attacks due to complaints from users about supposed abuse
4) Retribution attacks where known users of a domain or the domain itself
is impugned by forgery of malicious content to innocent dupes (joe-job)
5) Outright fraud attempts where victims are lured to illegitimate sites
purporting
to be a domain a user holds in trust (phishing)
6) Loss of confidence of domain users in legitimate mail actually sent
by the
domain, and the resulting work for domain operators caused by the blow
back of false alarms
feel free to add more.
Mike
Mike