[ietf-dkim] DKIM SSP: Security vulnerability when SSP record
does not exist?
Scott Kitterman
ietf-dkim at kitterman.com
Sat Aug 20 19:17:39 PDT 2005
Douglas Otis wrote:
> On Sat, 2005-08-20 at 20:29 -0400, Scott Kitterman wrote:
>
>>So, given that view, as a sender, what's in it for me?
>>
>>Sounds like all I get is more spam reports and maybe on a domain based
>>blacklist if someone doesn't like my mail? What benifit is being
>>offered that I should risk that?
>
>
> With DKIM, a small list of trusted signing domains will exclude most
> emails which need greater examination. The level of support to maintain
> this type of trusted list would be less than the traditional IP address
> white-list. By not binding the signing domain with the mailbox-address,
> there can be greater consolidation which further improves the leverage
> of such a list. Those implementing DKIM could benefit by this rather
> practical use. Complaints directed to those permitting access will
> benefit the industry in general, and again provide greater acceptance
> with DKIM as the basis. When MUAs eventually display the signing
> domain, this should also be to signing domain's benefit.
>
> Aspects of the message content may become beneficiaries of a domain
> binding later, but should not be included in initial offering to ensure
> fewer operational issues.
I'm not certain, but I think you are saying that the benifit to me is
that I'll be put on a whitelist and it will be very difficult to get my
mail delivered if I'm not on the magic list?
Is that right?
I don't have a problem with getting my mail delivered today, so I guess
if your view prevails, I can ignore DKIM until someone starts telling me
I MUST sign using DKIM or they won't accept my messages. I expect I
wouldn't be alone in that view.
Am I missing something here (wrt to benifit to a sender to sign)?
When you say "..will benefit the industry in general.." what industry
are you talking about?
Scott K
More information about the ietf-dkim
mailing list