[ietf-dkim] on the scope and necessity of threat analysis
SM
sm at resistor.net
Sat Aug 13 22:29:33 PDT 2005
At 08:01 13-08-2005, Dave Crocker wrote:
>By way of seeking some efficiency, let me prime the pump: One study
>has shown
>that roughly 90% of the SPF-registered email is spam. That's really not a
>surprising statistic, absent any common assessment services.
>However, assuming
>that domain name-oriented assessment services become common, it
>seems reasonable
>to expect most signed mail to be from good actors rather than bad
>actors, since
>the bad actors will not see any benefit from doing signing.
We cannot assess the effectiveness of SPF based on the statistics
that 90% of SPF-registered email is spam. I do not expect most
signed mail to be from good actors. We have seen with SPF that
spammers will use it if it allows their email to get through. The
email may be getting through because the receiving end equates a
"pass" with "good".
At the moment, the receiving end use heuristic rules to determine the
origin of the email and assess it. DKIM provides a means to identify
the origin without undue constraints on the path.
Regards,
-sm
More information about the ietf-dkim
mailing list