[ietf-dkim] Re: DKIM Threat Analysis v0.06
nobody at xyzzy.claranet.de
Thu Aug 11 22:57:39 PDT 2005

> Please define "joe job"

Yes, apparently that's important, I see two definitions in the
context of articles here:

1 - intentionally damaging the reputation of a domain / address,
    typical cases involve drugs and porn in the same spam mail
2 - a relaxed definition also including forged Return-Paths

The latter is IMHO no "joe job". It's just a spammer, maybe
he picks his "ideas" in some "anti-spam communities", but all
he needs are addresses surviving simple call back tests.

I just have this "pleasure" again, after the first series
from March to August 2004. Either my theory that this spammer
gave up because of SPF FAIL and SA 3.0 was wrong, or he changed
his mind, or it's a new spammer. One spammer, the difference
between zero and several hundred bounces per day is obvious.

So far I think SPF is "anti-forgery" addressing a real problem,
and DKIM might be "anti-phishing", probably better at this
problem than, say, PRA, but compared with my real problems at the
moment that is irrelevant.

For SPF I can see the deal, "if you check it you might catch a
FAIL, reject it, and draw your conclusions about the sending
IP while it's not yet blacklisted as zombie". A similar deal
might work for DKIM, "draw your conclusions about the sources
of phishing mails (until they show up in a cheaper RBL, or in

Or the opposite approach, "assume innocent until proven guilty"
for a SPF PASS (apparently that's what AOL does), that might
also work for DKIM.