> Dnia 22.12.2023 o godz. 16:22:45 Slavko via mailop pisze: > > But my point was (mostly) not about courties cases, i mean usual users > > tracking/spying (contacts, shoppings, opinions, etc), where signature is > > checked once (at receive time), but used/stored forever. And that cannot > > be solved by rotation nor by publishing nor by any cryptographic method > > (which i am aware of). > > I'm sorry, but I don't understand how in your view the fact that message is > DKIM signed is related to tracking/spying etc.
I agree: it's not for tracking/spying since it's for authenticating the sender's identity (as an authorized user)... > Tracking/spying elements in email messsages are usually intended to spy on > the *recipient* - did the recipient read the email at all, did he clicked > on a link in the email etc. ...mail server logs would be one obvious angle, but even that would require additional effort to extract the target user's eMail activity since mail server logs cycle through pretty quickly (at least on a lot of busy Linux systems, anyway). Log retention is generally used for troubleshooting, so a long-term retention usually isn't needed. Another method is for a malicious sender to deceptively include tracking software in an attachment. Most security software stops this, which includes security daemons on mail servers that can also be combined with blacklists of IP addresses and/or domain names that distribute malicious eMails or are otherwise-infected systems that can be used to commit such types of SMTP abuse. > On the other hand, DKIM signature identifies the *sender* of the message. That's the reason we use DKIM, and we reject DKIM-detectable forgeries to make eMail safer for our users, which is also helpful to other mail server operators who put the effort into setting up SPF, DMARC, and DKIM to protect the domains they're responsible for. > What does one have to do with the other and to the discussion about > publishing keys (the latter - to my understanding - serves only possible > legal purposes in case the sender needs to deny the fact that he sent the > message, which for me is a completely made-up scenario, an absolute > fiction). Some of our clients are investigators, lawyers, etc., who occasionally need high quality (read "reliable") evidence for the cases they're working on. DKIM, when available, makes it easier to authenticate eMail evidence in a way that can satisfy these needs. While this doesn't happen very often, I'd say that, since its inception, DKIM-based authenticity has moved from being a completely made-up scenario to having some actual utility. The most compelling case for me though is that users typically don't want to contend with forgeries of known vendors and other parties they routinely interact with, so rejecting all detectable forgeries with the help of SPF and DKIM is a solution that works well. > I cannot understand what topic you're actually discussing in this thread. It was probably just a misunderstanding of the uses of DKIM. > -- > Regards, > Jaroslaw Rafa > r...@rafa.eu.org > -- > "In a million years, when kids go to school, they're gonna know: once there > was a Hushpuppy, and she lived with her daddy in the Bathtub." > _______________________________________________ > mailop mailing list > mailop@mailop.org > https://list.mailop.org/listinfo/mailop -- Postmaster - postmas...@inter-corporate.com Randolf Richardson - rand...@inter-corporate.com Inter-Corporate Computer & Network Services, Inc. Vancouver, British Columbia, Canada https://www.inter-corporate.com/ _______________________________________________ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop