ietf-asrg
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Asrg] where the message originated

2009-01-12 18:16:16
from [Franck Martin] [Permanent Link] 
I'm not sure that http://en.wikipedia.org/wiki/Sender_Signing_Policy has a 
correct definition? 

spamassassin, DNSBL, DCC are well known, so we know how they behave with 
different emails, what we don't know is what the google, yahoo, microsoft and 
others are doing to classify their emails (this is the part about security by 
obcurity). 

----- Original Message ----- 
From: "Robert Barclay" <rbbarclay(_at_)gmail(_dot_)com> 
To: "Anti-Spam Research Group - IRTF" <asrg(_at_)irtf(_dot_)org> 
Sent: Tuesday, 13 January, 2009 10:37:52 AM (GMT+1200) Auto-Detected 
Subject: Re: [Asrg] where the message originated 




On Mon, Jan 12, 2009 at 1:51 PM, Franck Martin < franck(_at_)avonsys(_dot_)com 

wrote: 



I'm curious when you say ADSP is always keyed of the real live From address? 
You talk about the From: and not the Mail From: (Return-path)? 
Yes, the A is for Author. ADSP is built on top of DKIM and allows domain owners 
to specify that they sign some or all mail using a specific domain in the From: 
address 




as a side note, all this SSP/ADSP processing looks like a blackbox (or black 
magic) to me. There is no recommended practices and no one explain what they do 
to filter mail. like in the statement "AOL will use DKIM to do build reputation 
based on domain", what does it mean? 

It means they are going to start establishing reputation for DKIM domains based 
on the DKIM signed mail passing through their systems. This isn't any more of a 
black box than their existing reputation systems. 
As for recommended practices I'm not sure there's enough operational experience 
is most situations to have anything useful to recommend yet. I would be pleased 
to be wrong here but suspect that we may be starting to get there for some uses 
of DKIM and are a long way away from that with ADSP. 





We know well about spamassassin, DNSBL, DCC but this is about it. I thought 
security by obscurity was a bad idea? ;) 

Not sure this qualifies for security by obscurity. It's pretty straightforward 
how all these technologies work. How people make use of the data these 
technologies provide, that only seems obscure because people are still figuring 
it out themselves. Compare this to how people use IP addresses there's a pretty 
wide variety there and a lot of those uses would qualify as "obscured" from 
outside users too. 



_______________________________________________
Asrg mailing list
Asrg(_at_)irtf(_dot_)org
http://www.irtf.org/mailman/listinfo/asrg
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Asrg] where the message originated, Robert Barclay
Next by Date:  Re: [Asrg] where the message originated, John Levine
Previous by Thread:  Re: [Asrg] where the message originated, Chris Lewis
Next by Thread:  Re: [Asrg] where the message originated, John Levine
Indexes:  [Date] [Thread] [Top] [All Lists]