[ietf-dkim] Review of draft-fenton-dkim-threats-01
Andrew Newton
andy at hxr.us
Tue Nov 1 14:04:12 PST 2005
On Nov 1, 2005, at 2:19 PM, Eric Rescorla wrote:
>> Really?? If I see a message which is DKIM signed by iecc.com and
>> iecc.com is on my "DKIM white-list" this is pretty useful info right?
>> I can probably get away with relaxing or even skipping heuristic spam
>> filtering on that email with a fair degree of comfort. How is the
>> utility of that in any way unclear?
>>
>
> The scenario you cite is likely of *some* utility but it's not clear
> how much, or if it exceeds the cost of implementation and design. The
> answer to that question depends on (at minimum) (1) what the false
> positive rate would have been without the whitelisting
Well, I cannot give you a specific value if you are looking for one,
but I can tell you that the number of false positives that I see is
quite high.
> (2) the degree of
> predictability about whitelist contents (for attackers)
I think that depends on the implementation of the whitelist. For
publicly available lists, it is quite easy. For privately created
lists, I would think it is harder though not impossible.
> , and (3) the
> level of zombie infection--or more precisely potential zombie
> infection--of the domains which are on the whitelist.
I do not understand this. Are you speaking about zombies authorized
to send using the domains on the whitelist?
> It's not clear to
> me that we have good data on any of these questions, let alone an
> analysis that incorporates all of them.
Well, I'm not sure you'll ever see data like this. But I think
enough people in the community have looked at their mail systems in
enough detail that they believe a domain anti-spoofing mechanism will
help reduce a good bit of their troubles.
-andy