----- Original Message ----- From: "Hallam-Baker, Phillip" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]>; "Steve Atkins" <[EMAIL PROTECTED]> Cc: "DKIM List" <[email protected]> Sent: Monday, August 07, 2006 3:57 PM Subject: RE: [ietf-dkim] SSP False positives/negatives
> > We have a reactive system here. DKIM is intended to change > the infrastructure of email and the attackers are attempting to stop it. > So statistics are good at the level of telling if something is a 1% > effect, 5% effect 20%, 80%, 95%, 99%. But guessing how they will > react is just that. +1. Long ago we assume %1 or even less and the loopholes were allowed to remain. I don't have to repeat what happen. Lets close the loopholes now when we have a unique and small window of opportunity to do so. Also, it isn't all about just attackers (Direct Abuse), but also the indirect abuse. If a domain inherently signs all mail with no public declaration of such, he isn't protecting his domain reputation from harm simply from just random capturing or harvesting domains as done today, to blindly bombard all systems across the board. This is like driving a car without a license. <g> -- Hector Santos, Santronics Software, Inc. http://www.santronics.com _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
