Re: [Asrg] DNS-based Email Sender Authentication Mechanisms: a Critical Review

Jose-Marcio Martins da Cruz <Jose-Marcio.Martins@ensmp.fr> Mon, 25 May 2009 10:14 UTC


Amir should send it to the list before sending it to be published by Science Direct. I'm 
not sure, but it seems to me that even he can't distribute a copy of the paper now. 
Unfortunately.

I have a copy of it (but I haven't yet read it), as our library subscribes to that 
service, but, as far as I know, I can't redistribute it either.

Cheers,



Steve Atkins wrote:
> 
> On May 24, 2009, at 12:58 AM, Amir Herzberg wrote:
> 
>> Hi guys, I wrote a `critical review' of SPF, DKIM and Sender-ID 
>> Framework (SIDF); it's in process of publication at `computer & 
>> security`, you can see it at 
>> http://dx.doi.org/10.1016/j.cose.2009.05.002 (pending editing, final 
>> changes etc.). Nothing much new, just an attempt to provide a 
>> fair-yet-critical survey, hopefully to help clarify this important 
>> subject. Comments will be most welcome. Abstract below.
> 
> I'm not going to pay $31.50 to review someone's work. Nor is anyone 
> else, I suspect.
> 
> Cheers,
>   Steve
> 
> 
>>
>> Amir Herzberg
>>
>> Title: DNS-based Email Sender Authentication Mechanisms: a Critical 
>> Review
>>
>> Abstract
>>
>> We describe and compare three predominant email sender authentication 
>> mechanisms based on DNS: SPF, DKIM and Sender-ID Framework (SIDF). 
>> These mechanisms are designed mainly to assist in filtering of 
>> undesirable email messages, in particular spam and phishing emails. We 
>> clarify the limitations of these mechanisms, identify risks, and make 
>> recommendations. In particular, we discuss potential abuse of these 
>> mechanisms to facilitate DNS poisoning, and suggest countermeasures.
>>
>> -- 
>> Amir Herzberg
>> Associate Professor, Dept. of Computer Science
>> Bar Ilan University
>> http://AmirHerzberg.com
>> _______________________________________________
>> Asrg mailing list
>> Asrg@irtf.org
>> http://www.irtf.org/mailman/listinfo/asrg
> 
> 


-- 
  ---------------------------------------------------------------
  Jose Marcio MARTINS DA CRUZ           http://j-chkmail.ensmp.fr
  Ecole des Mines de Paris
  60, bd Saint Michel                      75272 - PARIS CEDEX 06
  mailto:Jose-Marcio.Martins@mines-paristech.fr