--On 9 January 2009 09:44:11 -0800 Douglas Otis <dotis(_at_)mail-abuse(_dot_)org>
wrote:
On Jan 8, 2009, at 12:43 PM, SM wrote:
At 12:10 08-01-2009, Douglas Otis wrote:
There are methods that can be used to limit risks related to
whitelisting domains. Often these involve capturing prior
conversations and noting where the message originated. The
locations might then be expanded to CIDRs, routes, or acquired
address lists.
Is it that important to note where the message originated? Although
the where is commonly used as input for lack of a better reference
point, it can be a problem when renumbering a network or for mobility.
White-listing based upon a domain would be dangerous without also
including the IP address of the SMTP client and message tracking. There
are companies currently providing this service, particularly needed where
spam remains largely unmanaged.
Absolutely. That's the point of SPF and DKIM. The reason that I don't
whitelist sender domains or addresses is that they're so easy to forge at
the moment. With deployment of SPF and DKIM, there are domains that I'd be
willing to whitelist given either a good SPF or DKIM match. In fact, there
are top level domains like .edu, .gov, .ac.uk, .gov.uk, .sch.uk, .coop, and
so on that I'd be prepared to conditionally whitelist because the
registration process is tougher - though I might find myself making
exceptions if certain subdomains didn't behave reasonably.
--
Ian Eiloart
IT Services, University of Sussex
x3148
_______________________________________________
Asrg mailing list
Asrg(_at_)irtf(_dot_)org
http://www.irtf.org/mailman/listinfo/asrg