> On 22.12.2023 at 16:22:45 Slavko via mailop writes:
> > But my point was (mostly) not about court cases, I mean usual users'
> > tracking/spying (contacts, shopping, opinions, etc.), where the signature is
> > checked once (at receive time), but used/stored forever. And that cannot
> > be solved by rotation nor by publishing nor by any cryptographic method
> > (which I am aware of).
> 
> I'm sorry, but I don't understand how in your view the fact that a message is
> DKIM signed is related to tracking/spying etc.

        I agree: it's not for tracking/spying since it's for authenticating 
the sender's identity (as an authorized user)...

> Tracking/spying elements in email messages are usually intended to spy on
> the *recipient* - did the recipient read the email at all, did he click
> on a link in the email etc.

        ...mail server logs would be one obvious angle, but even that would 
require additional effort to extract the target user's eMail activity 
since mail server logs cycle through pretty quickly (at least on a 
lot of busy Linux systems, anyway).  Log retention is generally used 
for troubleshooting, so a long-term retention usually isn't needed.

        Another method is for a malicious sender to deceptively include 
tracking software in an attachment.  Most security software stops 
this, which includes security daemons on mail servers that can also 
be combined with blacklists of IP addresses and/or domain names that 
distribute malicious eMails or are otherwise-infected systems that 
can be used to commit such types of SMTP abuse.

> On the other hand, DKIM signature identifies the *sender* of the message.

        That's the reason we use DKIM, and we reject DKIM-detectable 
forgeries to make eMail safer for our users, which is also helpful to 
other mail server operators who put the effort into setting up SPF, 
DMARC, and DKIM to protect the domains they're responsible for.

> What does one have to do with the other and to the discussion about
> publishing keys (the latter - to my understanding - serves only possible
> legal purposes in case the sender needs to deny the fact that he sent the
> message, which for me is a completely made-up scenario, an absolute
> fiction).

        Some of our clients are investigators, lawyers, etc., who 
occasionally need high quality (read "reliable") evidence for the 
cases they're working on.  DKIM, when available, makes it easier to 
authenticate eMail evidence in a way that can satisfy these needs.

        While this doesn't happen very often, I'd say that, since its 
inception, DKIM-based authenticity has moved from being a completely 
made-up scenario to having some actual utility.

        The most compelling case for me though is that users typically don't 
want to contend with forgeries of known vendors and other parties 
they routinely interact with, so rejecting all detectable forgeries 
with the help of SPF and DKIM is a solution that works well.

> I cannot understand what topic you're actually discussing in this thread.

        It was probably just a misunderstanding of the uses of DKIM.

> -- 
> Regards,
>    Jaroslaw Rafa
>    r...@rafa.eu.org
> --
> "In a million years, when kids go to school, they're gonna know: once there
> was a Hushpuppy, and she lived with her daddy in the Bathtub."
> _______________________________________________
> mailop mailing list
> mailop@mailop.org
> https://list.mailop.org/listinfo/mailop


-- 
Postmaster - postmas...@inter-corporate.com
Randolf Richardson - rand...@inter-corporate.com
Inter-Corporate Computer & Network Services, Inc.
Vancouver, British Columbia, Canada
https://www.inter-corporate.com/

