[ietf-dkim] Re: Adding SMTP client Requirements
dotis at mail-abuse.org
Sun May 27 14:27:33 PDT 2007
On May 27, 2007, at 1:01 PM, SM wrote:
> We don't know through which forwarders the mail will go through
> before reaching its final destination. This message, for example,
> could have gone through a forwarder to reach my mailbox.
As with any path registration scheme, paths must be known
beforehand. The DOSP scheme scales to accommodate _any_ number of
Administrators could ask users to volunteer this information, or
administrators could establish a forwarding service as a last leg of
forwarded messages. Those wanting this accommodation could be prone
to more spam when their account is discovered, but the risk would only
affect these users.
>> The scheme proposed by DOSP could be revised to exclude the left-most
>> domain label in the hash to establish a type of shorthand.
>> To limit which hosts associate as an SMTP client, SMTP clients
>> must then be assigned a specific sub-domain.
>> For those domains where some hosts are not trusted, SMTP clients
>> would be placed within a sub-domain, for example 'mxo'.
> How does that prevent replay abuse? If some hosts are not trusted,
> mail from them should not be DKIM-signed.
The concern is regarding replay abuse where messages are signed by
trusted SMTP clients. The recipients of these signed messages can
not determine which SMTP clients the signer considers authorized
(unless SPF were used).
> Can you provide a specific example where DKIM signed mail from
> dotis at mail-abuse.org to me is protected from abuse?
This domain currently does not use DKIM, but assume that it did.
Their DOSP records would indicate their authorized SMTP clients for
originating SMTP MAIL FROM, and DKIM signatures. These records could
be checked for messages not specifically addressed to the SMTP RCPT TO.
A message that is BCC to you can still be confirmed as authorized
when received from a DOSP SMTP client. Unless bad-actors have
specific knowledge of provisions accommodating forwarded messages, or
access to the authorized SMTP clients, they would have no ability to
avoid mitigations in place preventing abusive replay.
The concept is rather simple. The bad-actor is a normal user of
mail-abuse.org and sends themselves messages to other accounts.
Mail-abuse.org rate limits accounts and promptly disables accounts
reported and confirmed as abusive.
When DKIM serves as a basis for acceptance, without replay abuse
mitigation, the bad-actor is still able to continue sending these
messages to anyone and everyone until signatures expire. They may
have hundreds of such messages. If mail-abuse.org grants public
access to their service, the bad-actor could re-enroll and continue
this behavior non-stop. Replay abuse mitigation will become
essential and prove disruptive to a large category of legitimate
email use scenarios. The DKIM WG should consider specific mitigation
strategies that can apply for these legitimate use scenarios or
insist that DKIM must never be used as a basis for acceptance.
DKIM will still reduce false-positive detection of phishing
attempts. Such filtering is not limited to specific email-addresses
where reducing false positives is highly desirable. This use tends
to limit the scenarios suitable for DKIM. It seems many desire that
the DKIM domain be used as a basis for reputation, and there lies the
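The replay scenario and the mitigation sketched in this message (check the signature's lifetime, and treat a signed message that is not addressed to the envelope recipient as acceptable only when it arrives from an SMTP client the signing domain has declared authorized) can be expressed as a receiver-side triage routine. The following Python is an added example written for this archive page; it is not code from the ietf-dkim thread, from DOSP, or from any DKIM library. It does not verify the cryptographic signature, and it assumes, as a stand-in for DOSP records, that the signer's authorized SMTP clients are available as a plain set keyed by signing domain; the message, hostnames and timestamps are constructed for the demonstration.

```python
"""Replay-abuse triage for DKIM-signed mail (added example, not from the thread).

Assumptions: the signing domain's list of authorized SMTP clients is a plain
Python set (stand-in for DOSP records; the real record format is not modelled),
and signature verification is done elsewhere. All sample data is constructed.
"""
import email
from email.utils import getaddresses
import time

# Constructed stand-in for the signer's published authorized SMTP clients.
AUTHORIZED_CLIENTS = {
    "example.org": {"mxo1.example.org", "mxo2.example.org"},
}

# Constructed message; bh= and b= are placeholders, not real signature data.
SAMPLE = """DKIM-Signature: v=1; a=rsa-sha256; d=example.org; s=sel1; c=relaxed/relaxed;
 h=from:to:subject:date; t=1180300000; x=1180386400;
 bh=CONSTRUCTEDBODYHASH=; b=CONSTRUCTEDSIGNATURE=
From: user@example.org
To: Alice <alice@example.net>
Subject: hello
Date: Sun, 27 May 2007 14:00:00 -0700

Message body.
"""


def parse_dkim_tags(header_value):
    """Parse a DKIM-Signature tag=value list into a dict, dropping folding whitespace."""
    tags = {}
    for part in header_value.split(";"):
        if "=" not in part:
            continue
        name, value = part.split("=", 1)  # b=/bh= values contain '=' padding
        tags[name.strip()] = "".join(value.split())
    return tags


def signed_recipients(msg, tags):
    """Addresses from To/Cc, counted only when the h= tag says they were signed."""
    covered = {h.strip().lower() for h in tags.get("h", "").split(":")}
    addrs = set()
    for hdr in ("to", "cc"):
        if hdr in covered:
            addrs.update(a.lower() for _, a in getaddresses(msg.get_all(hdr, [])))
    return addrs


def triage(raw_message, rcpt_to, smtp_client, now=None):
    """Classify a signed message for replay risk given the SMTP envelope.

    Returns one of: 'unsigned', 'expired', 'addressed',
    'bcc-from-authorized-client', 'replay-suspect'.
    """
    now = time.time() if now is None else now
    msg = email.message_from_string(raw_message)
    sig = msg.get("DKIM-Signature")
    if sig is None:
        return "unsigned"
    tags = parse_dkim_tags(sig)
    # A replayed copy is only useful to the abuser until x= passes.
    if "x" in tags and now > int(tags["x"]):
        return "expired"
    # Envelope recipient was signed into To/Cc: the signer meant it for them.
    if rcpt_to.lower() in signed_recipients(msg, tags):
        return "addressed"
    # Not addressed to this recipient (BCC or replay): accept only when the
    # delivering SMTP client is one the signing domain declares authorized.
    signer = tags.get("d", "").lower()
    if smtp_client.lower() in AUTHORIZED_CLIENTS.get(signer, set()):
        return "bcc-from-authorized-client"
    return "replay-suspect"


if __name__ == "__main__":
    fixed_now = 1180300100  # constructed clock value inside the signature lifetime
    for rcpt, client in (("alice@example.net", "mxo1.example.org"),
                         ("bob@example.com", "mxo1.example.org"),
                         ("bob@example.com", "open-relay.example.com")):
        print(rcpt, client, "->", triage(SAMPLE, rcpt, client, now=fixed_now))
```

The "replay-suspect" outcome is where a receiver would apply the thread's mitigations (rate limiting, reputation, or refusing to treat the signature as grounds for acceptance) rather than rejecting outright, since a legitimately forwarded message lands in the same bucket.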