I-D Action: draft-otis-dkim-harmful-04.txt

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

A New Internet-Draft is available from the on-line Internet-Drafts directories.


	Title           : DKIM is Harmful as Specified
	Author(s)       : Douglas Otis
                          Dave Rand
	Filename        : draft-otis-dkim-harmful-04.txt
	Pages           : 22
	Date            : 2013-10-21

Abstract:
   Currently, email lacks conventions ensuring SMTP clients can be
   identified by an authenticated domain.  Unfortunately many hope to
   use DKIM as an alternative, but it is independent of intended
   recipients and domains accountable for having sent the message.  This
   means DKIM is poorly suited at establishing abuse assessments of
   unsolicited commercial email otherwise known as SPAM, nor was this
   initially DKIM's intent.  DKIM lacks message context essential to
   ensure fair assessment and to ensure this assessment is not poisoned
   (Who initiated the transaction and to whom).

   DKIM was instead intended to establish increased levels of trust
   based upon valid DKIM signatures controlling acceptance and what a
   user sees within the FROM header field.  But DKIM failed to guard
   against pre-pended header fields where any acceptance based on valid
   DKIM signatures is sure to exclude header field spoofing, especially
   that of the FROM.  This weakness allows malefactors to exploit DKIM
   signature acceptance established by high-volume DKIM domains to spoof
   ANY other domain, even when prohibited within the Signer's network.



The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-otis-dkim-harmful

There's also a htmlized version available at:
http://tools.ietf.org/html/draft-otis-dkim-harmful-04

A diff from the previous version is available at:
http://www.ietf.org/rfcdiff?url2=draft-otis-dkim-harmful-04


Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/

_______________________________________________
I-D-Announce mailing list
I-D-Announce@ietf.org
https://www.ietf.org/mailman/listinfo/i-d-announce
Internet-Draft directories: http://www.ietf.org/shadow.html
or ftp://ftp.ietf.org/ietf/1shadow-sites.txt
[Index of Archives]     [IETF]     [IETF Discussion]     [Linux Kernel]

  Powered by Linux