E-mail Authentication Implementation Summit 2005?

Douglas Otis dotis at mail-abuse.org
Fri Jul 15 01:58:01 UTC 2005



On Jul 13, 2005, at 6:57 PM, Fergie (Paul Ferguson) wrote:

>
> Just curious: Did any readers of the list participate in
> this summit?

While the event was focused upon advocating the use of Sender-ID now,  
and DKIM later, there was some information made available regarding  
Sender-ID not normally heard.  I raised a question again in the  
smaller technical break-out about reputation protection on shared  
servers (made at the FTC presentation, the Open Source presentation  
in Boston, the MAAWG in San Diego, and now again at this forum in New  
York).   In essence, the answer following the technical presentation  
by Harry and Meng was that no technology is perfect.   I wish to  
commend Esther Dyson for asking the question again at the next two  
panels during the full session.

The first was an executive round table concerning eCommerce and  
Marketing.  She asked how they dealt with the shared server issue.   
There was acknowledgment of the reputation concern and that they were  
migrating clients to ensure each had unique outbound IP addresses.    
Finally an answer.   Esther also continued this point at the next  
panel concerning DKIM by asking whether DKIM was also a solution for  
the shared server problem.  Of course the answer was yes.

While Sender-ID may be readily available today, so is DomainKeys  
where DKIM is upwardly compatible.  DKIM solves some of the issues  
which hampered the DomainKeys deployment when support calls were  
generated by those asking about the Sender header added to the  
message.  DKIM no longer requires the signer be bound to either the  
Sender or From header.

Sender-ID does not have a solution for the sender that addresses the  
forwarded account problem, and many recipients are not honoring the  
'~' or '?' syntax that attempts to mitigate this problem.  This  
syntax is exploited by abusers, which causes some to not accept mail  
resulting in either 'neutral' or 'soft-fail.'   Again, DomainKeys and  
DKIM offer a solution for forwarding accounts, and the shared server  
problem.

There was a chart indicating 2.7% of the domains publish SPF records,  
with much of this by spammers.  Only by including reputation will  
email authentication provide relief from abuse.   It was also pointed  
out that Hotmail only makes the Resent-From header visible when there  
was a validation failure, which leaves consumers still vulnerable to  
phishing exploits.  Of course, normal email clients will also expose  
consumers to phishing even with Sender-ID validation.

-Doug
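
The '~' and '?' qualifier behaviour discussed in the message above, as an added example that is not part of the original post: a simplified SPF check (only `ip4` and `all` mechanisms, no DNS lookups) run against a forwarder that the sender's record does not list. The records, addresses and the strict/lenient receiver policy are constructed for illustration.

```python
import ipaddress

# SPF qualifier prefixes and the result each yields when its mechanism matches.
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def check_spf(record, client_ip):
    """Evaluate a simplified SPF record (ip4 and all mechanisms only)."""
    ip = ipaddress.ip_address(client_ip)
    terms = record.split()
    if not terms or terms[0] != "v=spf1":
        return "none"
    for term in terms[1:]:
        qualifier = "+"  # default qualifier when none is written
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        if term == "all":
            matched = True
        elif term.startswith("ip4:"):
            matched = ip in ipaddress.ip_network(term[4:], strict=False)
        else:
            continue  # mechanisms needing DNS (a, mx, include) are out of scope
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"  # no mechanism matched: default result

def receiver_accepts(result, strict):
    """Assumed policies: strict takes only 'pass'; lenient also takes softfail/neutral."""
    return result == "pass" if strict else result in ("pass", "softfail", "neutral")

# Constructed sample data (documentation address ranges).
ORIGIN_MTA = "192.0.2.10"    # listed in the sender's record
FORWARDER = "198.51.100.7"   # recipient's forwarding service, not listed
RECORDS = {
    "-all": "v=spf1 ip4:192.0.2.0/24 -all",
    "~all": "v=spf1 ip4:192.0.2.0/24 ~all",
    "?all": "v=spf1 ip4:192.0.2.0/24 ?all",
}

def forwarding_matrix():
    """For each record: (result at forwarder, strict accepts?, lenient accepts?)."""
    rows = {}
    for name, record in RECORDS.items():
        result = check_spf(record, FORWARDER)
        rows[name] = (result, receiver_accepts(result, True), receiver_accepts(result, False))
    return rows

if __name__ == "__main__":
    for name, row in forwarding_matrix().items():
        print(name, row)
```

Every unlisted address, forwarder or not, gets the same softfail or neutral result, so a receiver has to choose between refusing forwarded mail and accepting a result that carries no assurance about the sender.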



