[ietf-dkim] suspicious and SUSPICIOUS

Douglas Otis dotis at mail-abuse.org
Tue Oct 2 11:06:55 PDT 2007


On Oct 2, 2007, at 8:48 AM, Scott Kitterman wrote:

> On Tuesday 02 October 2007 10:27, Bill.Oxley at cox.com wrote:
>>  "A member of a mailing list needs to know two things:
>>    a) did the message come via the mailing list?
>>    b) was it sent to the mailing list by the purported "From"?"
>>
>> Why would anyone care about b? It is a mailing list which by nature is
>> somewhat anonymous and self inclusive. Either a post matches proper list
>> content or a moderator will boot the poster with or without warning.
>> Thanks,
>
> Well, as an example, a message saying:
>
> "There are the following mistakes in the latest SSP draft:
>
> 1. ..
> 2. ..
> 3. .."
>
> would have a very different meaning coming from me than from Jim Fenton.
>
> Who is saying something is quite often relevant.


This assertion in what DKIM offers requires fairly flexible restrictions.

Mailing lists would need to:

- Validate DKIM headers
- Restrict From addresses to be within DKIM domains
- Apply DKIM signatures after flattening

Mailing list recipients would need to:

- Validate DKIM headers
- Restrict Sender addresses to be within DKIM domains

TPA-SSP provides a solution where signatures can invoke tailored restrictions:

- sub-domain signatures can be authorized as valid
- sub-domain signatures can apply specific scopes

A domain may support a mailing list, transactional email, as well as
allow participants to send messages to a mailing list.  Policies
required of DKIM will therefore need to vary or policy will become a
problem.  Tailored policies can be structured through use of TPA-SSP.
Dave Crocker once suggested sub-domain signatures be used to
categorize emails.  Any signature from a sub-domain is _not_ valid
for an email-address within a parent domain.  TPA-SSP can safely
enable a sub-domain strategy as well as any other third-party strategy.

MAIL FROM is also covered by TPA-SSP.  Our systems see about 70% of  
spam appear as a bounce.  (Perhaps soon bouncing entire message  
content will be seen as analogous to that of an open proxy.)  TPA-SSP  
can also make assertions about MAIL FROM email-addresses.  This MAIL  
FROM assertion might better ensure a DSN is issued rather than dropped.

-Doug
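
Added example, not part of the original message and not code from any DKIM or TPA-SSP implementation: a check of how a signature's d= domain relates to the From or Sender address, illustrating the sub-domain case described above. The sample message, the function names and the relation labels are assumptions made here, and the signatures are assumed to have been cryptographically verified elsewhere.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample (not from the thread); bh=/b= values are placeholders.
SAMPLE = """\
DKIM-Signature: v=1; a=rsa-sha256; d=lists.example.com; s=sel1;
 h=from:sender:subject; bh=PLACEHOLDER; b=PLACEHOLDER
From: Alice <alice@example.com>
Sender: list-bounces@lists.example.com
Subject: test

body
"""

def dkim_tags(value):
    """Split a DKIM-Signature tag-list into a dict, dropping all whitespace."""
    tags = {}
    for part in re.sub(r"\s+", "", value).split(";"):
        name, sep, val = part.partition("=")
        if sep:
            tags[name] = val
    return tags

def domain_of(header_value):
    """Lower-cased domain of the address in a From/Sender header value."""
    return parseaddr(header_value)[1].rpartition("@")[2].lower().rstrip(".")

def relation(signing_domain, address_domain):
    """Relate a signature's d= domain to the domain of a header address."""
    d = signing_domain.lower().rstrip(".")
    a = address_domain.lower().rstrip(".")
    if not d or not a:
        return "unrelated"
    if a == d:
        return "same-domain"
    if a.endswith("." + d):
        return "parent-signs-subdomain"
    if d.endswith("." + a):
        # The case called out above: not valid for the parent-domain address.
        return "subdomain-signs-parent"
    return "unrelated"

def classify(raw_message, header="From"):
    """List (d=, relation) for every DKIM-Signature against one header address."""
    msg = message_from_string(raw_message)
    addr_domain = domain_of(msg.get(header, ""))
    return [(t.get("d", ""), relation(t.get("d", ""), addr_domain))
            for t in map(dkim_tags, msg.get_all("DKIM-Signature", []))]
```

On the constructed sample, the list's signature is same-domain for the Sender address but only a sub-domain signature relative to the From address, so it does not by itself vouch for the author.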

