> On Mar 26, 2023, at 6:13 AM, Murray S. Kucherawy <superu...@gmail.com> wrote:
>
> On Sat, Mar 25, 2023 at 10:29 AM Michael Thomas <m...@mtcc.com> wrote:
>> On 3/24/23 6:19 PM, Barry Leiba wrote:
>> > I don't agree with the premise. I think what was tried and didn't
>> > work should be documented in the result that the working group comes
>> > out with, but not in the problem statement.
>>
>> There isn't a place in the charter/milestones for that.
>
> The charter identifies these possible outputs in some combination:
>
> (1) a clear problem statement;

My understanding so far is that this is an ESP “Email Service Provider” only issue, or one for a domain that allows free sign-ups for email services using their domains. An ESP, i.e. example.esp, can be any size, high or low scale; it allows a free sign-up service.

My understanding so far is that the exploitation is free sign-up accounts using the domain to create a template message to some spammer box, where example.esp is signing the bound message. The spammer then massages the message without damaging the signature and attacks downlink receivers who accept the signer and/or always trust the example.esp domain.

The presumption (imo erroneous) is that the receivers are using the same DKIM Reputation Lookup Server that example.esp is a member of and that these receivers are using the SDID (Signer Domain Identity) as input to a trust service, thereby bypassing spam security checks.

This is the classic “Batteries Required” syndrome that was predicted with the DKIM Reputation Model.

With no standard, receivers do not have the tools to resolve this problem. But ESPs can do more to control their users. ESPs can also make sure users cannot create signed templates.

We can also finish the DKIM Policy Protocol and basically extend DMARC beyond its current limits. A receiver can probably read a tag ‘-enabled.x’ that tells receivers to apply the signature expiration.

— HLS
_______________________________________________
Ietf-dkim mailing list
Ietf-dkim@ietf.org
https://www.ietf.org/mailman/listinfo/ietf-dkim
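
The message above suggests that receivers apply the signature expiration. As an added example that is not part of the original thread, here is a receiver-side check of the RFC 6376 `x=` (expiration) and `t=` (timestamp) tags on a DKIM-Signature header value. The function names, the sample header and the 300-second skew allowance are assumptions made for illustration.

```python
import re

# Constructed sample header value (not taken from the thread); folded as on the wire.
SAMPLE = ("v=1; a=rsa-sha256; c=relaxed/relaxed; d=example.esp; s=sel1;\r\n"
          "\tt=1679800000; x=1679803600; h=from:to:subject:date;\r\n"
          "\tbh=CONSTRUCTEDBODYHASH=; b=CONSTRUCTEDSIGNATURE=")

_TIMESTAMP = re.compile(r"[0-9]{1,12}")  # RFC 6376: t= and x= are 1*12DIGIT


def parse_dkim_tags(header_value):
    """Parse an RFC 6376 tag-list ("k=v; k=v") into a dict."""
    unfolded = re.sub(r"\r?\n[ \t]+", " ", header_value)  # undo header folding
    tags = {}
    for part in unfolded.split(";"):
        if "=" not in part:
            continue  # trailing ";" or empty segment
        name, value = part.split("=", 1)
        name = name.strip()
        if name in tags:
            raise ValueError("duplicate tag: " + name)  # duplicates are invalid
        tags[name] = value.strip()
    return tags


def expiration_verdict(header_value, now, skew=300):
    """Return (SDID, verdict) for the x= window only.

    This does not verify the signature; a receiver would run it alongside
    normal DKIM verification. `skew` (seconds) is an assumed clock allowance.
    """
    tags = parse_dkim_tags(header_value)
    sdid = tags.get("d", "")
    x = tags.get("x")
    if x is None:
        return sdid, "no-expiration"  # signer set no time bound on this signature
    if not _TIMESTAMP.fullmatch(x):
        return sdid, "invalid"
    t = tags.get("t")
    if t is not None and (not _TIMESTAMP.fullmatch(t) or int(x) <= int(t)):
        return sdid, "invalid"  # x= must be greater than t= when both exist
    if now > int(x) + skew:
        return sdid, "expired"
    return sdid, "within-window"
```

Pass the verification time as `now` (seconds since the epoch); a "no-expiration" verdict means the signer gave the receiver nothing to enforce.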