[ietf-dkim] draft-fenton-dkim-threats-00

[Douglas Otis]

On Oct 6, 2005, at 12:43 PM, Dave Crocker wrote:

>>
>> The threat analysis characterizes the bad acts as the spoofing of  
>> email addresses.
>>
>
> I send very obnoxious mail.
>
> You do not want to receive my mail.
>
> DKIM is extremely helpful for this scenario because the negative  
> reputation that you have assigned to my identity (errr... domain)  
> can now be reliably and accurately applied.
> You could not do that so safely in the past.

With DKIM you still can not prevent an obnoxious sender who is using  
a domain that also permits various mail-addresses, unless you want to  
block all of yahoo.com for example.  Include the opaque-identifier  
concept, and then you could block the obnoxious individual  
independent of the mail-address being used at the time or the size of  
the domain. : )

I don't think you are suggesting that everyone must now only use the  
mail-address provided by the immediate provider.  I see that you  
don't. : )

Deal with the replay problem and DKIM allows reputation to be  
extended to the domain name rather than just the IP address of the  
client.  Much of the grief occurs when there is unintended collateral  
blocking.  When done using the opaque-identifier, then you also have  
your desired feature.

-Doug