
Re: [Asrg] Unique innovations made to anti-spam system

2006-01-23 14:48:45

On Jan 23, 2006, at 12:45 PM, Peter J. Holzer wrote:

> On 2006-01-23 11:41:56 -0800, Douglas Otis wrote:
>
>> DKIM is not related to the return-path and is not expected to survive within a DSN.
>
> It doesn't have to be. My idea was simply to exempt domains which use DKIM from the auto-ack check.
>
> I.e. if a message is received from a sender domain which announces that it uses DKIM:
>
>     If the message has matching signature, accept it.
>
>     If the message has no or an incorrect signature, reject it.

Not a good idea. It may be a message munged by a list-server. DKIM allows cases where the email-address domain does not match the signing domain, and policies permitting third-party domain signatures. This mitigation is depending upon the prevalence that email-addresses are confined to that of the provider. Even when the email-address domain and the signing domain match, this still has not confirmed the return-path should there be a reason to bounce the message.

> (Same thing for SPF, etc.)

SPF is often open-ended. This may not offer an assurance of the return-path either, and failure may also be in error.

> Otherwise quarantine message and send auto-ack.
>
> I.e., if you are flooded with lots of auto-acks because a spammer forges your mail addresses, you can simply add an SPF record, or (a bit less simple) implement DKIM on your outgoing mails to stop the flood.

If the concern is to ensure the delivery of the message, BATV would be a safer option for avoiding the back-scatter. DKIM does not prevent any back-scatter as explained. Rejection based upon SPF has similar problems with erroneous failures.

> I still don't like that scheme, but this way it would only be annoying instead of nasty.


>> BATV, much like VERP, offers a solution for preventing any "back-scatter" problem from affecting the users.
>
> Yes, but it has to be implemented by the sender. If I implement it, I will get less (or even no) backscatter, but it won't reduce the amount of "real" spam I get.

This comment was limited to your conclusion that DKIM or SPF solves the back-scatter problem. They don't. SPF depends upon third-parties reading and acting on the record or perhaps expecting the spammers to have read your record. Use of SPF also hopes that no one on your domain is sending to a forwarded account when closed. DKIM has nothing to do with the return-path. Don't forget that spammers will be able to sign as well as anyone else and take advantage of open policies.

-Doug


_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
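
An added illustration, not part of the original message and not code from the BATV draft: a simplified sketch of how a BATV-style tagged return-path lets the sending domain itself discard back-scatter, without relying on third parties reading SPF or DKIM records. The tag layout is loosely modelled on BATV's `prvs` scheme (day stamp plus truncated HMAC, no key number); the key, lifetime, addresses and function names are assumptions.

```python
import hashlib
import hmac

SECRET = b"constructed-demo-key"  # constructed key; a real deployment keeps its own secret
LIFETIME_DAYS = 7                 # assumed validity window for a tagged address


def _mac(day: int, address: str) -> str:
    """Truncated keyed hash binding the expiry day stamp to the original address."""
    msg = f"{day:03d}{address.lower()}".encode()
    return hmac.new(SECRET, msg, hashlib.sha1).hexdigest()[:6]


def sign_return_path(address: str, today: int) -> str:
    """Tag the envelope sender of outgoing mail as prvs=DDDSSSSSS=local@domain.

    `today` is the day number since 1970-01-01; DDD is the expiry day mod 1000.
    """
    expires = (today + LIFETIME_DAYS) % 1000
    return f"prvs={expires:03d}{_mac(expires, address)}={address}"


def accept_bounce(rcpt: str, today: int) -> bool:
    """Decide whether a null-sender message (DSN or auto-ack) addressed to rcpt
    answers mail this domain really sent."""
    if not rcpt.startswith("prvs="):
        return False  # forged sender: our own outgoing mail always carries a tag
    tag, sep, address = rcpt[5:].partition("=")
    if not sep or len(tag) != 9 or not tag[:3].isdigit():
        return False  # malformed tag
    expires = int(tag[:3])
    # Days remaining before expiry, computed modulo 1000 like the stamp itself.
    if (expires - today) % 1000 > LIFETIME_DAYS:
        return False  # expired, or a day stamp we could not have issued
    return hmac.compare_digest(tag[3:], _mac(expires, address))


if __name__ == "__main__":
    day = 13171  # 2006-01-23 as days since the epoch
    tagged = sign_return_path("doug@example.org", day)
    print(tagged, accept_bounce(tagged, day))            # genuine bounce: True
    print(accept_bounce("doug@example.org", day))        # back-scatter: False
```

The check runs only at the domain that issued the tag, which matches the point made in the thread that the scheme has to be implemented by the sender and does nothing about ordinary spam.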
