Re: [spf-discuss] SPF, DKIM, and NIH

David MacQuigg wrote:
> Ian Eiloart wrote:
> > If SPF fails, then look for a DKIM signature. If you get a good one, 
> > you're likely seeing traditional forwarding.
> Or forwarding by a crook.  What prevents a spammer from sending a 
> billion ads for Viagra, all with a valid DKIM signature from a reputable 
> domain?  All it takes is one signed message.  The rest can be copies, 
> "forwarded" via a botnet.
> The fundamental advantage of signature-based authentication (arbitrary 
> forwarding) is a fundamental disadvantage when the forwarder is a 
> crook.  Signatures protect only that which is signed, i.e. the body and 
> a few specifically selected headers.  There is *no other assurance* in a 
> signature.  Show that Viagra ad to the original signer, and he will say 
> "Yup, that's our signature.  We sign 500,000 messages per day.  We have 
> per-account rate limits.  We even run spam filters on new accounts.  
> What else do you expect us to do? "
Nice one, David! I've tried to convert it into a shorter version in 
http://en.wikipedia.org/wiki/DomainKeys_Identified_Mail#Arbitrary_forwarding


-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Modify Your Subscription: http://www.listbox.com/member/
Archives: https://www.listbox.com/member/archive/735/=now
RSS Feed: https://www.listbox.com/member/archive/rss/735/
Powered by Listbox: http://www.listbox.com