Sorry, I should have been clearer. The bad guy sends a message purportedly from cox.com with a header:

DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=cox.com

The non-DKIM-compliant MTA, which hasn't deployed DKIM yet or doesn't know much about it, places a rule stating that signed messages should be allowed to travel inbound without further checking because DKIM is new and safe. A DKIM-compliant MTA will do a dip on my DNS records, find no SSP or DK record, and drop the message as non-compliant. I suspect that in the beginning there will be a lot more of the former than the latter.

Bill Oxley
Messaging Engineer
Cox Communications, Inc.
Alpharetta GA
404-847-6397
[EMAIL PROTECTED]

-----Original Message-----
From: Dave Crocker [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, January 31, 2006 12:49 PM
To: Oxley, Bill (CCI-Atlanta)
Cc: ietf-dkim@mipassoc.org
Subject: Re: [ietf-dkim] New Issue: 4.2 needs new Attack Item: Inconsistent Signature vs Policy Attacks

Bill,

[EMAIL PROTECTED] wrote:
> The hacker does not need access to my zone, he just attaches a lookalike
> header yes " And to have *any* rule that allows bypass of defense
> based upon the receipt of a header from outside your control is
> extremely dangerous." But folks will do it anyway

By "lookalike" do you mean social engineering with a related name string, such as citibank.com vs. c1t1bank.com, or do you mean something else? If something else, please elaborate.

On the other hand, if you mean the name confusion thing, I would guess that that is entirely out of the scope for this working group, since it really pertains to reputation mechanisms, associations between domain names and brands, etc.

d/
--
Dave Crocker
Brandenburg InternetWorking
<http://bbiw.net>

_______________________________________________
ietf-dkim mailing list
http://dkim.org
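Added illustration of the two receiver behaviours Bill contrasts above. This is not code from either message and not a DomainKeys or DKIM implementation: the message structure, the addresses, the in-memory DNS table (a record for a constructed selector s1 at example.com, none for s1024._domainkey.cox.com) and the sample messages are all constructed here, a textbook RSA key on two Mersenne primes stands in for rsa-sha1 with PKCS#1 padding so that no crypto library is needed, and c=nofws is reduced to "strip all whitespace" from From, Subject and the body. What it shows is the policy gap itself: a receiver that accepts on the mere presence of a DomainKey-Signature header lets the forged message through, while a receiver that resolves the selector and checks the signature rejects it because no key record exists.

```python
"""Two inbound policies for a DomainKey-Signature header (added example).

naive_policy     - the rule Bill warns about: a signed-looking header is enough
verifying_policy - resolve s._domainkey.d, then check the signature value
"""
import hashlib
import re

# Toy RSA key: textbook RSA (no PKCS#1 padding) on two Mersenne primes so the
# example runs with the standard library only.  Constructed for this demo;
# real DomainKeys uses rsa-sha1 with PKCS#1 v1.5 and a properly generated key.
_P, _Q = 2**89 - 1, 2**107 - 1
N, E = _P * _Q, 65537
D = pow(E, -1, (_P - 1) * (_Q - 1))

# Constructed stand-in for DNS TXT lookups.  A real record is
# "k=rsa; p=<base64 DER public key>"; the modulus is kept as hex here.
# Only example.com's selector s1 has a record; cox.com's s1024 does not.
DNS_TXT = {
    "s1._domainkey.example.com": {"k": "rsa", "p": f"{N:x}"},
}


def lookup_key_record(selector, domain):
    """The 'dip on DNS' a verifying MTA performs (table lookup here)."""
    return DNS_TXT.get(f"{selector}._domainkey.{domain}")


def parse_domainkey_signature(value):
    """'a=rsa-sha1; q=dns; s=s1024; d=cox.com' -> {'a': 'rsa-sha1', ...}"""
    tags = {}
    for part in value.split(";"):
        tag, _, val = part.strip().partition("=")
        if tag:
            tags[tag.strip()] = val.strip()
    return tags


def get_header(msg, name):
    for hdr, value in msg["headers"]:
        if hdr.lower() == name.lower():
            return value
    return None


def signed_content(msg):
    """Bytes covered by the signature: From, Subject and the body with all
    whitespace removed (a simplified form of the c=nofws canonicalization)."""
    parts = [f"{h}:{v}" for h, v in msg["headers"]
             if h.lower() in ("from", "subject")]
    parts.append(msg["body"])
    return re.sub(r"\s+", "", "\n".join(parts)).encode()


def sha1_int(data):
    return int.from_bytes(hashlib.sha1(data).digest(), "big")


def sign_message(msg, selector, domain):
    """What the sending domain's own MTA does: sign and prepend the header."""
    sig = pow(sha1_int(signed_content(msg)), D, N)
    header = f"a=rsa-sha1; q=dns; c=nofws; s={selector}; d={domain}; b={sig:x}"
    return {"headers": [("DomainKey-Signature", header)] + msg["headers"],
            "body": msg["body"]}


def naive_policy(msg):
    """Receiver that treats the mere presence of the header as proof."""
    return "accept" if get_header(msg, "DomainKey-Signature") else "filter"


def verifying_policy(msg):
    """Receiver that resolves the selector and checks the signature value."""
    value = get_header(msg, "DomainKey-Signature")
    if value is None:
        return "unsigned: filter as usual"
    tags = parse_domainkey_signature(value)
    record = lookup_key_record(tags.get("s", ""), tags.get("d", ""))
    if record is None or record.get("k") != "rsa":
        return "reject: no key record for selector"
    if "b" not in tags:
        return "reject: header carries no signature value"
    n = int(record["p"], 16)
    if pow(int(tags["b"], 16), E, n) != sha1_int(signed_content(msg)):
        return "reject: signature does not verify"
    return f"pass: signed by {tags['d']}"


# Constructed sample messages.
FORGED = {  # attacker attaches only a lookalike header, as in Bill's scenario
    "headers": [
        ("DomainKey-Signature", "a=rsa-sha1; q=dns; c=nofws; s=s1024; d=cox.com"),
        ("From", "billing@cox.com"),
        ("Subject", "Account notice"),
    ],
    "body": "Please confirm your password at the link below.\n",
}
GENUINE = sign_message(
    {"headers": [("From", "alice@example.com"), ("Subject", "lunch")],
     "body": "See you at   noon.\n"},
    "s1", "example.com")


def tamper(msg, new_body):
    """Same headers (including the original signature), different body."""
    return {"headers": msg["headers"], "body": new_body}


if __name__ == "__main__":
    for label, msg in [("forged", FORGED), ("genuine", GENUINE),
                       ("tampered", tamper(GENUINE, "See you at midnight.\n"))]:
        print(f"{label:9} naive={naive_policy(msg)!r:10} "
              f"verifying={verifying_policy(msg)!r}")
```

The forged message is accepted by naive_policy and rejected by verifying_policy with "no key record for selector"; the genuine message passes, a body edit fails the signature check, and a whitespace-only edit still passes because of the nofws canonicalization.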