On 3/21/09, John R. Levine <jo...@iecc.com> wrote:
> We really need to reset our vision from the blacklist model to whitelist.
> With blacklists, there's no fundamental difference between the behavior of
> bad guys and good guys, we're forced to use complicated ever expanding
> heuristics to try to tell the difference, and we constantly have to change
> them as bad guys adapt whatever behavior we attribute to good guys. But
> with a whitelist model, you say here's what a good guy does, you design it
> in a way that bad guys can't fake, and you're done.
Which almost sounds reasonable, John, but worthless if there is no HUMPH (rejection) behind that whitelist model. When what is expected from the good guys isn't what you get, ignoring or neglecting this state information can be dangerous to all parties - the receiver, the domain and the users.

While a buddy-2-buddy blanco list system does work, it won't work very well in a much wider anyone-2-anyone anonymous world.

So let's keep it simple: any domain that wishes protection against fraud using DKIM needs to use a standard anchor (From:) to allow AUTHOR domains to define what is expected in the messages they create.

Overall, I think you mixed up the black/white methods erroneously. In the blacklist model, I believe you might be using a model where there isn't extra information about the sender. The same issues apply to a whitelist model; in fact, this can present more danger when a whitelist just accepts anything from this sender without using some extra level of information.

DKIM and POLICY raise the bar. It's no longer the same model. Here you can have more reliable black or white listing models based on the extra level of information. Both black and white are the same idea - one rejects, one accepts. Either can have rules. It's really a point of reference only:

  Black: Reject all mail with Author Domains that expose Always Sign Policy and the message is not signed (or invalid).

  White: Accept with a GOLD STAR all mail with Author Domains that expose Always Sign Policy and the message is valid.

What's safer? To me, the black list DKIM model.

--
hls

_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html