[ietf-dkim] SSP vs. reputation
MH Michael Hammer (5304)
MHammer at ag.com
Fri Jan 25 10:16:15 PST 2008
> Hector Santos wrote:
>Sent: Friday, January 25, 2008 12:55 PM
>To: Frank Ellermann
>Cc: ietf-dkim at mipassoc.org
>Subject: Re: [ietf-dkim] SSP vs. reputation
>
>Oh I see, you are "redirecting" the original mail to someone
>else as if it was "new."
>
>You are not using the FORWARDING features of the MUA.
>
>Well, I think I would prefer the protection here because even
>though you are a GOOD GUY, if we allow this loophole, the bad
>guy will exploit it.
>
Absolutely true.
>The end result is that if you see my messages are "special",
>then you know that you can't "resend" it as "me."
>
All your messages are special!
>Your MUA should tell ya
>
> "Sorry, you can't do this. This message is Special."
>
I agree that a well behaved MUA would do this. BAD MUA! BAD!
>We can't have it both ways. The same way of doing things and
>expect to get the security we are seeking.
>
+1
Found this interesting article which is germane even if I don't agree
with the authors conclusion and desire to pull an "Al Hague".
E-mail and its security discontents
Why Microsoft, Cisco, IBM and others need to step up to protect SMTP
http://www.arnnet.com.au/index.php/id;1603491549
>Something has to give and this one is perfectly acceptable to
>me because it helps secured my domains as I intended it to be
>secured with a DKIM=STRICT.
>
And this desire for protection grows as we all run in circles. The other
day I was going through some boxes that had been sitting in my basement
for a (long) while. Found a box filled with internet industry magazines
from the mid-to-late 1990s. With only a few tweaks the articles and
letters to the editor related to abusive email would be applicable
today.
Food for thought.
More information about the ietf-dkim
mailing list