[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Asrg] DNS-based Email Sender Authentication Mechanisms: a Critical Review

To: Anti-Spam Research Group - IRTF <asrg at irtf.org>
Subject: Re: [Asrg] DNS-based Email Sender Authentication Mechanisms: a Critical Review
From: Dave CROCKER <dhc at dcrocker.net>
Date: Wed, 27 May 2009 09:36:09 -0700
Delivered-to: asrg at core3.amsl.com
In-reply-to: <3be421270905240058l423fdb91wcf599f9ba270c9f1 at mail.gmail.com>
List-archive: <http://www.irtf.org/mail-archive/web/asrg>
List-help: <mailto:asrg-request@irtf.org?subject=help>
List-id: Anti-Spam Research Group - IRTF <asrg.irtf.org>
List-post: <mailto:asrg@irtf.org>
List-subscribe: <http://www.irtf.org/mailman/listinfo/asrg>, <mailto:asrg-request@irtf.org?subject=subscribe>
List-unsubscribe: <http://www.irtf.org/mailman/listinfo/asrg>, <mailto:asrg-request@irtf.org?subject=unsubscribe>
Organization: Brandenburg InternetWorking
References: <3be421270905240058l423fdb91wcf599f9ba270c9f1 at mail.gmail.com>
Reply-to: dcrocker at bbiw.net, Anti-Spam Research Group - IRTF <asrg at irtf.org>
User-agent: Thunderbird 2.0.0.21 (Windows/20090302)

Amir Herzberg wrote:

    Nothing much new, just an attempt to provide a
fair-yet-critical survey, hopefully to help clarify this importantsubject. Comments will be most welcome. Abstract below.
Amir Herzberg

Title: DNS-based Email Sender Authentication Mechanisms: a Critical Review

Perhaps I misunderstand the paper, but it appears to be asserting that DKIMvalidates the From: field.

     DKIM allows authentication of multiple
email header ﬁelds, including the sender identity displayed to the recipient; in
that regard, it is similar to SIDF

Since DKIM does nothing of the kind, that seems a rather fundamental point ofdeparture for evaluating the paper.

DKIM authenticates the signing domain, and it ensures data integrity for thecovered header fields and body, from the place of signing to the place ofverification. But it does not authenticate any of the message contents, such asthe sender identity.


d/

--

  Dave Crocker
  Brandenburg InternetWorking
  bbiw.net

References:
- [Asrg] DNS-based Email Sender Authentication Mechanisms: a Critical Review
  - From: Amir Herzberg

Prev by Date: Re: [Asrg] DNS-based Email Sender Authentication Mechanisms: aCritical Review
Next by Date: Re: [Asrg] DNS-based Email Sender Authentication Mechanisms: aCritical Review
Previous by thread: Re: [Asrg] DNS-based Email Sender Authentication Mechanisms: a Critical Review
Next by thread: Re: [Asrg] DNS-based Email Sender Authentication Mechanisms: a Critical Review
Index(es):
- Date
- Thread