[ietf-dkim] Not exactly not a threat analysis
Douglas Otis
dotis at mail-abuse.org
Mon Aug 15 17:12:12 PDT 2005
On Aug 15, 2005, at 4:49 PM, SM wrote:
> At 15:30 15-08-2005, Earl Hood wrote:
>
>> Care must be taken that no accountability is assumed on behalf of
>> the signer on the desirability of the message. The signature just
>> states that a given message passed through their system.
>>
>
> Even if DKIM Signature does not make the signer responsible or
> accountable, some people may infer it. Undesirable messages will
> affect the reputation of the signing domain.
Agreed, the signer domain is where trust is established or lost.
There is a positive side with assigning accountably. Should a
different domain sign the message, then regardless of the From,
Sender, Resent-From, Resent-Sender or Bounce-address domains, the
signer domain remains fully accountable.
-Doug
More information about the ietf-dkim
mailing list