Re: bozoproofing DKIM concerns

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Dave Crocker <dhc2@xxxxxxxxxxxx> writes:

> E> AS I understand it the concern is that people who don't use DKIM
>> will eventually not be able to send e-mail to people who are using
>> it. I'm not sure that this is something that people should be concerned
>> about, indeed, the logic of this kind of system is that if it succeeds
>> that's exactly what will happen.
>
>
> Interesting.
>
> I have not heard any DKIM proponent use that logic.

Maybe not, but I think that it's the likely endgame.


> I have, however, heard critics fail to understand the difference between
>
>     a) special handling of "good" identities, versus continuing to
>     have suspicious handling of "unknown" identities, and
>
>     b) acceptance of good addresses and rejection of unknown.
>
> Proponents seek to use DKIM for a), not b).
>
> Critics keep asserting that b) is the only avenue that is possible.
>
> So, they are wrong that it is the intent and they have no empirical
> basis for asserting that it is certain or even likely to occur.

No, I don't have any empirical evidence for asserting that it's
certain or likely to occur. But in truth nobody has much empirical
evidence for anything here, so we're reduced to theorizing.

Now that we've got that out of the way, it's worth working through the
reasoning of why I think (b) is the likely endgame.  

The basic value proposition of any sender authentication system as an
input to filtering is that lets you increase the sensitivity of the
filters, while still obtaining an acceptable overall false positive
rate. Imagine that without sender auth, your filters have a false
positive rate of P and a false negative rate of N. With sender auth,
some fraction of those false positives will be eliminated, letting you
dial up the sensitivity of the filter. If we assume that the sender
authentication is perfect, then we get the following:

                      Message 
                      Authenticated
                 
                      Yes           No    
False positive        0             P' (P' > P)  
False negatives       0             N' (N' < N)


But this makes it even more attractive for the good senders to
authenticate their messages (because otherwise they stand a higher
chance of being rejected) which means that the receivers can increase
the sensitivity of their filters, and so on.  So, at the end of the
day, if something like DKIM is successful, I would expect an
equilibrium where filters are set extremely high and nearly all good
senders authenticate their messages because otherwise they stand
an unacceptably high chance of having them rejected.

-Ekr



_______________________________________________

Ietf@xxxxxxxx
https://www1.ietf.org/mailman/listinfo/ietf

[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]