[ietf-dkim] "I sign everything" yes/no

Douglas Otis dotis at mail-abuse.org
Tue Nov 21 19:09:40 PST 2006


On Nov 21, 2006, at 5:44 PM, Hallam-Baker, Phillip wrote:
>
> Policy should support that statement and only that statement plus  
> the absolute bare minimum required to move from one version of DKIM  
> (read algorithm choices) to another.

A separate authorization scheme can be easily subverted to mislead  
recipients.  DKIM will not prevent spam, and an authorization scheme  
will not thwart phishing attempts.  Perhaps just the opposite could  
be true.  The goal of blocking spam should not cloud rational choices.

DKIM signatures are not visible.  Without alteration of the MUA,  
there is no assurance recipients see elements assured by policy.   
When the MUA is altered, the address-book provides a far more secure  
method to authorize annotations added to DKIM signed messages.

Of course, policy used as authorization must be discoverable from all  
possible sub-domains as well.  The majority of email domains do not  
publish policy records.  Searching for largely non-existent records  
after each message generates a flood of DNS traffic.  Even a new  
wildcard PPTR discovery scheme still involves several non-cached  
transactions per message, and cannot indicate beforehand when this  
scheme is available.

Blocking all bad messages based upon what is "authorized" will not  
reduce the success rate for a substantial portion of phishing  
attempts.  An effective annotation scheme based upon the recipient's  
address book should greatly reduce the success of phishing without  
adding to email's overhead.  Making phishing less successful is the  
best way to stop phishing traffic.

It remains conjecture that an authorization scheme provides a  
measurable reduction in the success rate.  As bad actors are able to  
authorize their own messages in various forms, an authorization scheme  
may increase the success rate of phishing attempts.  Recipients are  
not protected by such a highly flawed scheme.

-Doug