[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: MASS/DKIM BOF Summary
On August 5, 2005 at 01:37, Michael Thomas wrote:
> 1) Use of domain names without the knowledge or permission of the domain
> in question; if nothing else, the misrepresentation is an attack
> even if
> the intent is benign.
> 2) Damage to reputation of the domain due to receivers believing that the
> originating domain is at fault (often times spam)
> 3) Make-work attacks due to complaints from users about supposed abuse
> 4) Retribution attacks where known users of a domain or the domain itself
> is impugned by forgery of malicious content to innocent dupes (joe-job)
> 5) Outright fraud attempts where victims are lured to illegitimate sites
> to be a domain a user holds in trust (phishing)
> 6) Loss of confidence of domain users in legitimate mail actually sent
> by the
> domain, and the resulting work for domain operators caused by the blow
> back of false alarms
All of these are from a domain-centric perspective, and excludes the
author/sender perspective, formally known as Originating Address (OA)
in the DKIM SSP draft.
If DKIM is intended to deal with things at a user-level, then
user-level considerations must be addressed, especially spoofing
(which can also have an affect on domains).