[Top] [All Lists]

Re: [Asrg] Third party DKIM signatures

2006-06-01 20:19:58

On Jun 1, 2006, at 5:18 PM, Walter Dnes wrote:

On Thu, Jun 01, 2006 at 01:32:14AM -0400, Seth Breidbart wrote

"Walter Dnes" <waltdnes(_at_)waltdnes(_dot_)org> wrote:

 Real-life question...
1) How does any ISP (beyond a really small geek outfit) verify that I
am authorized to use *(_at_)waltdnes(_dot_)org ?

Ask postmaster(_at_)waltdnes(_dot_)org

Being "master of my domain", I can personally answer that question on
my own behalf.  Would Google or Yahoo be able to verify to
that Joe Blow is authorized to send out email as joeblow(_at_)yahoo(_dot_)com or
joeblow(_at_)gmail(_dot_)com when sending email from  Manual
confirmation doesn't scale.  Automating it opens up the potential for
address harvesting.

What do you mean "Manual confirmation doesn't scale"? Unless you are one of those people that like to collect domains and enjoys mixing the sender domains and the From domains, the number of addresses that an individual would need to confirm would be quite limited.

I said earlier that the ISP could quarantine outgoing mail until the confirmation succeeded. Even better would be to reject the mail in the smtp transaction from the user to the ISP with a comment that a confirmation email has been sent to the From address. This has the same effect as a quarantine but provides immediate feedback to the user, allows the user to then resubmit the mail with a different From address and the ISP doesn't have to worry about quarantine queues.

-- Dan Oetting

Asrg mailing list