> Direct attacks would be bad actor attempts to exploit compliant DKIM/SSP > systems. Indirect attacks would be bad actors attempts to exploit > non-compliant DKIM/SSP and rely in "social engineering" exploits. With > indirect attacks, bad actors will not emphasize on protocol correctness. > > These attacks can be detected if the SSP is checked against the domain > whether the message is signed or not. This will lower the risk, the > uncertainty of bad attack exploits and hence, lower the impact of these > high probably attacks > >Sorry, I'm not following this either. It seems the threat has to do >with receipt of signed messages when none should be expected. But isn't >this addressed simply by not publishing any key records?
If I do not publish any key records and a bad actor whips up an email purported to be from me with a fake signature attached, a non dkim compliant mta may have a rule that states "signed messages are probably okay" that might bypass some spam checking software. Before DKIM is fully adopted/deployed expect to see this happen, Thanks, Bill Oxley Messaging Engineer Cox Communications, Inc. Alpharetta GA 404-847-6397 [EMAIL PROTECTED] _______________________________________________ ietf-dkim mailing list http://dkim.org
