[ietf-dkim] ADSP takes DNS down, film at 11 (was: bot-net concern explained)

MH Michael Hammer (5304) MHammer at ag.com
Fri Jun 27 10:27:46 PDT 2008



> -----Original Message-----
> From: ietf-dkim-bounces at mipassoc.org [mailto:ietf-dkim-bounces at mipassoc.org] On Behalf Of Frank Ellermann
> Sent: Friday, June 27, 2008 4:00 AM
> To: ietf-dkim at mipassoc.org
> Subject: [ietf-dkim] ADSP takes DNS down,film at 11 (was: bot-net concern
> explained)
> 
> 
> > The relevant concern is whether a bad actor can influence
> > the PRA
> 
> Bad actors pick whatever PRA, 2822-From, HELO, or MAIL FROM
> suits them.  It's the job of v=spf1, spf2.0/pra, or ADSP to
> defeat that.
>

And spf2.0/pra fails to do that. The requirement to set PRA to the
sender field if a proper one exists bypasses the SPF record intentions
of the domain represented in the RFC2822 From field email address. It is
rather trivial to game PRA to get a neutral for any particular piece of
"bad" email. But what does this have to do with DKIM and ADSP other than
the suggestion at an earlier point in the process to use the sender
field?

 
> 
> Or an ADSP signature.  Bad actors do with their addresses
> what they like, the idea of v=spf1, spf2.0/pra, or ADSP is
> that they can't do this with FAIL-protected addresses (for
> FAIL read "suspicious", "locked", "discardable", or the
> term du jour used in ADSP).
> 

Actually, with spf2.0/pra they can by avoiding the FAIL on the From by
getting NEUTRAL on the Sender.

I'm tired and I'm just going to avoid dealing with the rest of Frank's
post.

Mike
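
The PRA behaviour discussed in this message, as an added example that is not part of the original post: a simplified version of the RFC 4407 header selection (the Resent-Sender/Resent-From ordering exception is omitted) that reports when the domain an spf2.0/pra check evaluates is not the domain in the From field. The function names and sample messages are constructed for illustration.

```python
from email import message_from_string
from email.utils import getaddresses

def single_mailbox(value):
    """Return the lone address in a header value, or None if malformed."""
    addrs = [a for _, a in getaddresses([value]) if "@" in a]
    return addrs[0].lower() if len(addrs) == 1 else None

def pra(msg):
    """Simplified RFC 4407 selection: Resent-Sender, Resent-From, Sender, From."""
    for name in ("Resent-Sender", "Resent-From"):
        values = [v for v in msg.get_all(name, []) if v.strip()]
        if values:
            return single_mailbox(values[0])
    for name in ("Sender", "From"):
        values = [v for v in msg.get_all(name, []) if v.strip()]
        if len(values) == 1:
            return single_mailbox(values[0])
        if len(values) > 1:
            return None  # duplicated header: no PRA
    return None

def pra_report(raw):
    """Compare the domain Sender ID evaluates with the domain in From."""
    msg = message_from_string(raw)
    from_addr = single_mailbox(msg.get("From", ""))
    pra_addr = pra(msg)
    from_dom = from_addr.rsplit("@", 1)[1] if from_addr else None
    pra_dom = pra_addr.rsplit("@", 1)[1] if pra_addr else None
    return {"from_domain": from_dom, "pra_domain": pra_dom,
            "pra_covers_from": pra_dom is not None and pra_dom == from_dom}

# Constructed sample messages (example domains, not from the thread).
WITH_SENDER = (
    "From: Accounts <billing@protected.example>\n"
    "Sender: relay@unrelated.example\n"
    "Subject: constructed sample\n\nbody\n")
FROM_ONLY = (
    "From: Accounts <billing@protected.example>\n"
    "Subject: constructed sample\n\nbody\n")

if __name__ == "__main__":
    for raw in (WITH_SENDER, FROM_ONLY):
        print(pra_report(raw))
```

When `pra_covers_from` is false, the spf2.0/pra result says nothing about the From domain's published record, so a receiver should not treat it as an evaluation of the From address.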


