On October 13, 2005 at 10:39, Frank Ellermann wrote:

> DKIM is no FUSSP

I think no one is claiming it is.

> there will be legit domains that don't use
> DKIM for at least years.  The bad actors would then forge its
> addresses, sign it with their own throw-away domains, and naive
> users (5.1 + 6.2) could then erroneously "think" that they got
> a PASS "for" the forged identity.

This ties back to past threads on the SSP part of DKIM and what
the default assumptions are when no SSP records are defined for a
given domain.

> So far that's 100% the same as SPF.  Maybe you should mention
> that DKIM can be checked everywhere (not only at the "border")
> as long as nobody manipulates the DATA.  Resulting in a minor
> "threat" of FPs behind many mailing lists => users intending
> to act on invalid signatures should white list these lists.

DKIM operates independently of the transport layer.  It is not
dependent on SMTP, allowing DKIM to be applicable for messages
transmitted by other protocols.

--ewh
_______________________________________________
ietf-dkim mailing list
http://dkim.org
