[ietf-dkim] "I sign everything" yes/no
dotis at mail-abuse.org
Tue Nov 21 19:09:40 PST 2006

On Nov 21, 2006, at 5:44 PM, Hallam-Baker, Phillip wrote:
> Policy should support that statement and only that statement plus
> the absolute bare minimum required to move from one version of DKIM
> (read algorithm choices) to another.

A separate authorization scheme can be easily subverted to mislead
recipients. DKIM will not prevent spam, and an authorization scheme
will not thwart phishing attempts. Perhaps just the opposite could
be true. The goal of blocking spam should not cloud rational choices.

DKIM signatures are not visible. Without alteration of the MUA,
there is no assurance recipients see elements assured by policy.
When the MUA is altered, the address-book provides a far more secure
method to authorize annotations added to DKIM signed messages.

Of course policy used as authorization must be discoverable from all
possible sub-domains as well. The majority of email domains do not
publish policy records. Searching for largely non-existent records
after each message generates a flood of DNS traffic. Even a new
wildcard PPTR discovery scheme still involves several non-cached
transactions per message, and cannot indicate when this scheme is
available beforehand.

Blocking all bad messages based upon what is "authorized" will not
reduce the success rate for a substantial portion of phishing
attempts. An effective annotation scheme based upon the recipient's
address book should greatly reduce the success of phishing without
adding to email's overhead. Making phishing less successful is the
best way to stop phishing traffic.

It remains conjecture that an authorization scheme provides a measurable
reduction in the success rate. As bad actors are able to authorize
their own messages in various forms, an authorization scheme may
increase the success rate of phishing attempts. Recipients are not
protected by such a highly flawed scheme.