[ietf-dkim] DKIM Threat Analysis v0.06
Scott Kitterman
ietf-dkim at kitterman.com
Sat Aug 20 09:57:20 PDT 2005
SM wrote:
> At 09:08 18-08-2005, Scott Kitterman wrote:
>
>> It isn't entirely clear to me exactly where DKIM wants to live in this
>> chain. Is it a tool for the SMTP server to reject messages from SMTP
>> clients that are doing something unauthorized? Is it a tool for
>> post-acceptance filtering and routing in the MDA? Is it a tool meant
>> to give MUAs information to display to end users?
>
>
> There has been a lot of discussion about rejection. Up to now, we have
> "rules" and RBLs to reject "bad" messages. Mail filtering also has a
> negative impact on mail delivery. DKIM also provides the building block
> for whitelisting mail. It can also be abused as we have seen in the
> discussion about replay attacks.
>
The better capabilities we have to reject messages during the SMTP
session, the less filtering will be required. In my opinion, rejection
is much better than filtering.

Rejection saves resources for the receiver. Rejection gives the sender
near immediate feedback on the fate of the message.

Filtering dooms messages to an uncertain fate.

The more messages we can get rid of by rejection, the more reliable we
make the mail system.

Whitelisting is important too, but unless a receiver intends to limit
their correspondence to known senders, it is only a small part of the
solution.

Scott Kitterman