Implications of DKIM signing for DCC filtering?

Gary Mills mills@cc.umanitoba.ca
Thu May 31 15:18:54 UTC 2007


On Thu, May 31, 2007 at 07:37:07AM +0100, Graham Murray wrote:
> Vernon Schryver <vjs@calcite.rhyolite.com> writes:
> 
> > A second problem is whether rbc.com
> > will send mail only from rbc.com and not from royalbank.com and the
> > doubtless many other domain names they own.  Mail from other domains
> > won't get whitelisted, because mail from a strange domain name is the
> > same with or without a DKIM signature. 
> 
> I think that the financial, and other institutions, do themselves a
> great disfavour, especially now that phishing has become so
> prevalent. If they were to restrict emails to coming from a single
> domain, which they publish in print etc, then it would make checking via
> SPF, DKIM, and (to be on topic) adding to DCC whiteclnt. 

Yes, that would help to some extent.  However, users shouldn't be
expected to know which domain names belong to reputable organizations
and which don't.  There are just too many of them to comprehend.  The
same problem occurs with URLs, which I understand were never intended
to be visible to users.  It's the same as expecting users to know
which file types may be dangerous and which are benign.  In all of
these cases, a computer system can discriminate much better than users
can.

-- 
-Gary Mills-    -Unix Support-    -U of M Academic Computing and Networking-



More information about the DCC mailing list

Contact vjs@rhyolite.com by mail or use the form.