[ietf-dkim] SSP False positives/negatives
hsantos at santronics.com
Mon Aug 7 14:37:47 PDT 2006
----- Original Message -----
From: "Hallam-Baker, Phillip" <pbaker at verisign.com>
To: <dcrocker at bbiw.net>; "Steve Atkins" <steve at blighty.com>
Cc: "DKIM List" <ietf-dkim at mipassoc.org>
Sent: Monday, August 07, 2006 3:57 PM
Subject: RE: [ietf-dkim] SSP False positives/negatives
> We have a reactive system here. DKIM is intended to change
> the infrastructure of email and the attackers are attempting to stop it.
> So statistics are good at the level of telling if something is a 1%
> effect, 5% effect 20%, 80%, 95%, 99%. But guessing how they will
> react is just that.
Long ago we assumed 1% or even less and the loopholes were allowed to remain.
I don't have to repeat what happened.
Let's close the loopholes now when we have a unique and small window of
opportunity to do so.
Also, it isn't all about just attackers (Direct Abuse), but also the
If a domain inherently signs all mail with no public declaration of such, he
isn't protecting his domain reputation from harm simply from just random
capturing or harvesting domains as done today, to blindly bombard all
systems across the board.
This is like driving a car without a license. <g>
Hector Santos, Santronics Software, Inc.