%% You should probably cite draft-otis-dkim-harmful-04 instead of this revision.
@techreport{otis-dkim-harmful-03,
    number =    {draft-otis-dkim-harmful-03},
    type =      {Internet-Draft},
    institution =   {Internet Engineering Task Force},
    publisher = {Internet Engineering Task Force},
    note =      {Work in Progress},
    url =       {https://datatracker.ietf.org/doc/draft-otis-dkim-harmful/03/},
    author =    {Douglas Otis and David Rand},
    title =     {{DKIM is Harmful as Specified}},
    pagetotal = 20,
    year =      2013,
    month =     jun,
    day =       17,
    abstract =  {Currently, email lacks conventions ensuring SMTP clients can be identified by an authenticated domain. Unfortunately many hope to use DKIM as an alternative, but it is independent of intended recipients and domains accountable for having sent the message. This means DKIM is poorly suited at establishing abuse assessments of unsolicited commercial email otherwise known as SPAM, nor was this initially DKIM's intent. DKIM lacks message context essential to ensure fair assessment and to ensure this assessment is not poisoned (Who initiated the transaction and to whom). DKIM was instead intended to establish increased levels of trust based upon valid DKIM signatures controlling acceptance and what a user sees within the FROM header field. But DKIM failed to guard against pre-pended header fields where any acceptance based on valid DKIM signatures is sure to exclude header field spoofing, especially that of the FROM. This weakness allows malefactors to exploit DKIM signature acceptance established by high-volume DKIM domains to spoof ANY other domain, even when prohibited within the Signer's network.},
}