[ietf-dkim] DKIM Threat Analysis v0.06
pbaker at verisign.com
Thu Aug 11 06:23:26 PDT 2005
OK answering strictly from core capabilities:
> * Who are the bad actors?
The bad actors are a range of parties that exploit the lack of an
integral and ubiquitous authentication mechanism in SMTP.
These bad actors fall into two categories: parties that impersonate a
particular email sender and parties whose primary objective is to avoid
Examples of the first form of bad actor include phishing attacks where
the domain name of the brand target (bank) is impersonated. Examples of
the second form include certain spammer tactics used to avoid
> * Where do they fit into the protocol environment (eg, middle of
Spoofed email is generally introduced from the edge of the network. The
attacker will either provision an internet connection or hijack a
machine connected to the Internet by means of a Trojan.
> * What are we trying to prevent them from doing?
DKIM provides a strong defense against attacks intended to impersonate a
specific target and allows an email sender to avoid being incorrectly
identified as an attacker merely attempting to disguise their identity.
While DKIM by itself does not provide a complete defense against either
form of attack, it is intended to be employed in combination with other
measures that address countermeasures. For example, some phishing rings
employ 'look-alike' (cousin) domain names and their use is rising as a
direct result of the deployment of countermeasures against domain
spoofed email. However, the use of a cousin domain significantly reduces
the message response rate and thus the fraud loss. DKIM compares very
favorably in terms of cost/benefit compared to other measures taken to
limit phishing fraud loss (e.g. takedown of capture sites).