Re: [ietf-dkim] Re: WG Review: Domain Keys Identified Mail (dkim)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Fri, 2005-12-23 at 17:27 -0500, Nathaniel Borenstein wrote:
>    
> Far from trying to "leave only one authorization method," the DKIM 
> effort is an attempt to show, by example, how an arbitrary number of 
> such methods might eventually be elaborated and standardized.

There is danger viewing any abuse control mechanism as representing a
"authorization" scheme.  The control method should strive to identify
the source of abuse, and not just whether the message has been
authorized.  The DKIM signature provides a fairly strong indication of
the message source, with a normal potential for abusive replay as with
any cryptographic method.


> It is an attempt to define one method first, as a step towards
> defining as many of them as possible/necessary rather than arguing
> endlessly over which is best.  For most of us, support for DKIM does
> NOT imply opposition to any other proposals related to controlling
> spam and related ills.  A lot of us who have worked on DKIM were
> previously active in trying to bridge the gap between SPF and Sender-
> ID, and despite the disappointments we'd still like to see that effort
> succeed, as well as quite a few other anti-malware ideas and
> technologies.

Those who envision SPF or Sender-ID as a means to control spam, clearly
have not considered the inherent weakness in an "authorization" scheme.
Bad actors are adept at adopting any such authorization.  Reputation
remains the only solution able to abate the bulk of abuse.  When
reputation is applied against an "authorization" as an identifier,
innocent email-address domain owners will be seriously harmed.  Abusers
will find acceptance methods for an authorization scheme.

To abate abuse, name-based identifiers are needed to overcome growing
exploits. Reliance upon "authorization" as an abatement control must be
avoided as inherently unfair.  The DKIM signature can identify the email
source, and when considered independent of any email-address, can
establish non-disruptive reputation based abatement controls.  A
verified EHLO can also serve the same purpose.  There are drafts and MTA
extensions available today to offer this similar low cost solution.

If the desire were really to abate abuse, there is no mystery what can
help.  CSV, BATV, and the base DKIM would be examples of schemes that
can identify email sources.  Name-based schemes can significantly reduce
the amount of spam when coupled with fair reputation assessments.

Authorization is clearly not an abatement solution.  Authorization
should be seen as a method to shift the burden onto the email-address
domain owner.  The outcome of an authorization strategy in today's
shared environments would likely damage the reputation of most email-
address domains.  The exception may be for the mega-domains less
sensitive to reputation assessments simply due to their size.

DKIM should be devised to exist without requiring an authorization
scheme to handle message replay or unsigned messages.  When MTAs and
MUAs are designed to recognize the source of email using DKIM
signatures, reliance upon authorization (or reputation) for spoofing
protection would be unnecessary.  Reliance upon visual examination that
often involves acquiring every look-alike domain may also become
unnecessary.  Recognition ability could be rapidly included in the MTA
to offer immediate protections for commonly spoofed domains, while
avoiding the disruption an "authorization" scheme is sure to cause
current email practices.

-Doug


_______________________________________________

Ietf@xxxxxxxx
https://www1.ietf.org/mailman/listinfo/ietf

[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]