[dkim-dev] DomainKeys vs DKIM: Identifying the Sending Domain
Douglas Otis
dotis at mail-abuse.org
Fri May 4 16:31:41 PDT 2007

On May 4, 2007, at 3:43 PM, Murray S. Kucherawy wrote:
> On Fri, 4 May 2007, Douglas Otis wrote:
>> No sender assurances exist to safely permit an inference that a
>> specific email-address is genuine when matched against the signing
>> domain. That is an opaque function of the signing domain.
>
> If I get mail which was signed by example.com, the signature
> verifies, and the From: contains an example.com address, on what
> grounds other than arbitrary ones would I distrust the contents of
> the From: header?

One still can't safely infer that [some]@example.com email-address is
genuine, even when signing and email-address domains match.

1) DKIM does not require exact matches for a signature to be considered
valid.
2) Users are unable to visually confirm any DKIM signatures without
some form of annotation.

What annotation will permit users to trust a From header?

> Certainly someone could've hacked example.com's machines or found a
> way to generate mail that they will sign, but that doesn't change
> what you can infer from DKIM. If I'm willing to trust that their
> machines are safe, my assertion is sound.

This overlooks rather complex issues of safely communicating to the
user the set of conditions considered necessary upon which trust is
based. In addition, such trust makes an assumption that the signing
domain is performing email-address validation. That assumption is
not based upon any sender assurances.
-Doug
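
An added example (not part of the original post, and not code from any DKIM implementation) of the distinction under discussion: it reads the `d=`, `i=` and `h=` tags of a DKIM-Signature header and reports how the signing domain relates to the From: address. It assumes the signature was already verified cryptographically elsewhere; the function names and sample messages are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

def parse_tags(value):
    """Split a DKIM-Signature tag list ("d=...; h=...") into a dict."""
    tags = {}
    for part in value.split(";"):
        name, sep, val = part.partition("=")
        if sep:
            tags[name.strip()] = "".join(val.split())  # drop folding whitespace
    return tags

def relation(signing_domain, from_domain):
    """How the From: domain relates to the d= signing domain."""
    s, f = signing_domain.lower(), from_domain.lower()
    if not s or not f:
        return "unrelated"
    if f == s:
        return "exact"
    return "subdomain" if f.endswith("." + s) else "unrelated"

def describe(raw):
    """Report what the signature header says about the From: address."""
    msg = message_from_string(raw)
    addr = parseaddr(msg.get("From", ""))[1]
    tags = parse_tags(msg.get("DKIM-Signature", ""))
    d = tags.get("d", "")
    return {
        "from_address": addr,
        "signing_domain": d,
        "relation": relation(d, addr.rpartition("@")[2]),
        "from_header_signed": "from" in tags.get("h", "").lower().split(":"),
        # i= is the identity the signer names; when absent it defaults to "@" + d,
        # i.e. the domain as a whole and no particular mailbox.
        "signer_identity": tags.get("i", "@" + d),
    }

# Constructed sample messages; bh= and b= hold placeholders, not real signatures.
SIG = "DKIM-Signature: v=1; a=rsa-sha256; s=sel1; d={d};\n h=from:to:subject; bh=PLACEHOLDER; b=PLACEHOLDER\n"
SAMPLES = [
    "From: Alice <alice@example.com>\n" + SIG.format(d="example.com") + "\nhi\n",
    "From: bob@lists.example.com\n" + SIG.format(d="example.com") + "\nhi\n",
    "From: carol@example.org\n" + SIG.format(d="example.net") + "\nhi\n",
]

if __name__ == "__main__":
    for raw in SAMPLES:
        print(describe(raw))
```

All three samples carry a structurally valid signature header; only the first has a From: domain equal to `d=`, and in none of them does the signer identity name a mailbox.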