[ietf-dkim] draft-fenton-dkim-threats-00
Dave Crocker
dhc at dcrocker.net
Thu Oct 6 12:43:44 PDT 2005
>
> The threat analysis characterizes the bad acts as the spoofing of
> email addresses.
My name is Dave Crocker. The domains involved with my email are
dcrocker.net, bbiw.net and songbird.com.
The domains in the From and Sender and MailFrom and Helo and Received
fields are all valid and I am authorized to use them.
Really.
I send very obnoxious mail.
You do not want to receive my mail.
DKIM is extremely helpful for this scenario because the negative
reputation that you have assigned to my identity (errr... domain) can
now be reliably and accurately applied.
You could not do that so safely in the past.
One could argue that that is because I could then use a different
identity and, therefore, one could class the problem as spoofing.
But I think we lose an important point when we focus only on the
spoofing action, to the exclusion of the affirmative benefit of simply
ensuring an accurate/reliable identity.
That is, even without spoofing, DKIM's assurances would be useful simply
because of Internet scaling and diversity.
d/
More information about the ietf-dkim
mailing list