
Re: MASS/DKIM BOF Summary




Andrew Newton wrote:


To answer a, I believe we are better served simply by giving a straightforward answer: the purpose of DKIM is to prevent forgery of email identities in the headers of email messages.


I translate this as even more simple-minded than that: what are the attack vectors
that trivially forgeable origination addresses provide:


1) Use of domain names without the knowledge or permission of the domain
in question; if nothing else, the misrepresentation is an attack even if
the intent is benign.
2) Damage to reputation of the domain due to receivers believing that the
originating domain is at fault (oftentimes spam)
3) Make-work attacks due to complaints from users about supposed abuse
4) Retribution attacks where known users of a domain or the domain itself
is impugned by forgery of malicious content to innocent dupes (joe-job)
5) Outright fraud attempts where victims are lured to illegitimate sites purporting
to be a domain a user holds in trust (phishing)
6) Loss of confidence of domain users in legitimate mail actually sent by the
domain, and the resulting work for domain operators caused by the blow
back of false alarms


Feel free to add more.

Mike
