or other delivery decisions (was Re:[ietf-dkim]SSP=FAILURE DETECTION)
dotis at mail-abuse.org
Wed Sep 13 10:16:37 PDT 2006
On Sep 13, 2006, at 4:35 AM, Hector Santos wrote:
>>> It is because of that inconsistent DKIM reception handling
>>> unknowns between different systems, we risk encouraging DKIM bad
>>> actors to proliferate against the new creation of different
>>> potential targets.
>>> In summary, the concern is that there is a risk when you don't
>>> have a common DKIM-BASE handling concept.
>> Could you give a simple example of this risk? Please be brief.
> Real world example - DNSRBL
A bit too brief. : )
I assume you mean RHS-Block-lists based upon the DKIM signing domain?
Whether bad actors use DKIM or not does not appear to represent any
The limitations in a DKIM signing domain assessment will be exploited
by bad actors. DKIM has a rather major limitation requiring a
message envelope to be considered independently from that of the
signing domain. This means there _are_ substantial risks for the RHS-
Block-List operator. This limitation requires stronger evidence of
behavior approaching that of a criminal nature. This requirement is
well beyond what is normally adequate for listings in IP address
Could you clarify your concern with simple example that illustrates
what you want to see changed. Again please be brief, but do provide
More information about the ietf-dkim