[ietf-dkim] New canonicalizations
Michael Deutschmann
michael at talamasca.ocis.net
Sun Jun 5 02:15:04 PDT 2011
On Mon, 30 May 2011, Steve Atkins wrote:
> The most obvious thing that MLMs do that invalidate signatures are 1.
> append content to the body and 2. prepend content to the subject line. Any
> approach that allows me to replay messages while making those changes
> seems to open the door to abuse.
Look at the big picture though. It is true that once spammers adapt to
it, a weak signature that tolerates appended body text and a mutilated
subject will have an atrocious false negative rate.
But, right now we have a 100% false negative rate for purported senders
who use mailing lists, since such senders will not publish
dkim=discardable. A loose signature can only improve things.
Also, there's another way a weak signature could be helpful, even if it
was *so* weak that it forgives any message mutilation other than to the
To: and Cc: headers:
My mailserver is programmed to refuse blind carbon copies (with
exceptions for the mailing lists I subscribe to). If a forger attempted
to lurk on a mailing list and then replay the shortest message he sees
there with his spam appended, he still won't be able to reach me, since
the To: header will contain that list's submission address, and not my
address.
(If he used a list I subscribe to, he still loses. My exceptions are
keyed on the MAIL FROM:, and SPF guards that.)
---- Michael Deutschmann <michael at talamasca.ocis.net>
More information about the ietf-dkim
mailing list