[ietf-dkim] Clarifying DKIM (etc.) expectations for mailing lists in the face of digests
Martijn Grooten
martijn.grooten at virusbtn.com
Wed Aug 4 10:30:09 PDT 2010
> What is the security model that makes this expectation of preservation important
> and reasonable, given that it is so easily and whimsically violated by a common
> recipient-selectable setting?
There's a scenario where a spammer/phisher sets up a mailing list, adds a bunch of addresses to the list and then sends a message with a paypal.com From: address through the list. The DKIM signature will obviously be invalid, but an MTA/spam filter won't be able to decide whether this is because the message didn't really come from PayPal, or because it did but the mailing list broke it.
Martijn.
Virus Bulletin Ltd, The Pentagon, Abingdon, OX14 3YP, England.
Company Reg No: 2388295. VAT Reg No: GB 532 5598 33.
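The ambiguity described in the message above, as an added example that is not part of the original post: it performs only the body-hash (`bh=`) step of DKIM verification with RFC 6376 "relaxed" body canonicalization, and shows that a genuine message altered by a list footer and a message that was never validly signed produce the same verdict. The message bodies, the footer and the function names are constructed for illustration.

```python
import base64
import hashlib
import re


def relaxed_body(body: bytes) -> bytes:
    """RFC 6376 section 3.4.4 'relaxed' body canonicalization."""
    lines = []
    for line in body.split(b"\r\n"):
        line = re.sub(rb"[ \t]+", b" ", line)  # collapse runs of whitespace
        lines.append(line.rstrip(b" "))        # ignore whitespace at line end
    while lines and lines[-1] == b"":          # ignore empty lines at end of body
        lines.pop()
    return b"".join(line + b"\r\n" for line in lines)


def body_hash(body: bytes) -> str:
    """Value a signer would place in the bh= tag (sha256, base64)."""
    return base64.b64encode(hashlib.sha256(relaxed_body(body)).digest()).decode()


def bh_verdict(signed_bh: str, received_body: bytes) -> str:
    """All the verifier learns from this step: match or no match."""
    return "pass" if body_hash(received_body) == signed_bh else "fail"


# Constructed sample data.
ORIGINAL = b"Your statement is ready.\r\n"
LIST_FOOTER = b"_______________\r\nexample mailing list\r\n"
GENUINE_BH = body_hash(ORIGINAL)              # bh= set by the real signer
OTHER_BH = body_hash(b"unrelated text\r\n")   # bh= that never covered this body


def received_verdicts() -> dict:
    return {
        "direct, whitespace changed in transit":
            bh_verdict(GENUINE_BH, b"Your  statement is ready. \r\n\r\n"),
        "genuine, list appended footer":
            bh_verdict(GENUINE_BH, ORIGINAL + LIST_FOOTER),
        "not genuine, sent through list":
            bh_verdict(OTHER_BH, b"Please confirm your account.\r\n" + LIST_FOOTER),
    }


if __name__ == "__main__":
    for case, verdict in received_verdicts().items():
        print(f"{verdict:4}  {case}")
```

Relaxed canonicalization absorbs whitespace changes, but an appended footer fails exactly like a body the signer never saw, so the result alone cannot separate the two cases.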