[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Asrg] DNS-based Email Sender Authentication Mechanisms: a Critical Review

To: Anti-Spam Research Group - IRTF <asrg at irtf.org>
Subject: Re: [Asrg] DNS-based Email Sender Authentication Mechanisms: a Critical Review
From: Steve Atkins <steve at blighty.com>
Date: Sun, 24 May 2009 09:12:26 -0700
Delivered-to: asrg at core3.amsl.com
In-reply-to: <3be421270905240058l423fdb91wcf599f9ba270c9f1 at mail.gmail.com>
List-archive: <http://www.irtf.org/mail-archive/web/asrg>
List-help: <mailto:asrg-request@irtf.org?subject=help>
List-id: Anti-Spam Research Group - IRTF <asrg.irtf.org>
List-post: <mailto:asrg@irtf.org>
List-subscribe: <http://www.irtf.org/mailman/listinfo/asrg>, <mailto:asrg-request@irtf.org?subject=subscribe>
List-unsubscribe: <http://www.irtf.org/mailman/listinfo/asrg>, <mailto:asrg-request@irtf.org?subject=unsubscribe>
References: <3be421270905240058l423fdb91wcf599f9ba270c9f1 at mail.gmail.com>
Reply-to: Anti-Spam Research Group - IRTF <asrg at irtf.org>

On May 24, 2009, at 12:58 AM, Amir Herzberg wrote:

Hi guys, I wrote a `critical review' of SPF, DKIM and Sender-IDFramework (SIDF); it's in process of publication at `computer &security`, you can see it at http://dx.doi.org/10.1016/j.cose.2009.05.002(pending editing, final changes etc.). Nothing much new, just anattempt to provide a fair-yet-critical survey, hopefully to helpclarify this important subject. Comments will be most welcome.Abstract below.

I'm not going to pay $31.50 to review someone's work. Nor is anyoneelse, I suspect.


Cheers,
  Steve

Amir Herzberg
Title: DNS-based Email Sender Authentication Mechanisms: a CriticalReview
Abstract
We describe and compare three predominant email senderauthentication mechanisms based on DNS: SPF, DKIM and Sender-IDFramework (SIDF). These mechanisms are designed mainly to assist infiltering of undesirable email messages, in particular spam andphishing emails.We clarify the limitations of these mechanisms,identify risks, and make recommendations. In particular, we discusspotential abuse of these mechanisms to facilitate DNS poisoning, andsuggest countermeasures.
--
Amir Herzberg
Associate Professor, Dept. of Computer Science
Bar Ilan University
http://AmirHerzberg.com
_______________________________________________
Asrg mailing list
Asrg at irtf.org
http://www.irtf.org/mailman/listinfo/asrg

Follow-Ups:
- Re: [Asrg] DNS-based Email Sender Authentication Mechanisms: a Critical Review
  - From: Jose-Marcio Martins da Cruz
- [Asrg] 答复: DNS-based Email Sender Authentication Mechanisms: aCritical Review
  - From: Sean Shen

References:
- [Asrg] DNS-based Email Sender Authentication Mechanisms: a Critical Review
  - From: Amir Herzberg

Prev by Date: Re: [Asrg] DNS-based Email Sender Authentication Mechanisms: a Critical Review
Next by Date: [Asrg] 答复: DNS-based Email Sender Authentication Mechanisms: aCritical Review
Previous by thread: Re: [Asrg] DNS-based Email Sender Authentication Mechanisms: a Critical Review
Next by thread: [Asrg] 答复: DNS-based Email Sender Authentication Mechanisms: aCritical Review
Index(es):
- Date
- Thread