ietf-asrg
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Asrg] where the message originated

2009-01-13 12:32:04
from [Robert Barclay] [Permanent Link] 
On Mon, Jan 12, 2009 at 4:15 PM, Franck Martin <franck(_at_)avonsys(_dot_)com> 
wrote:


I'm not sure that http://en.wikipedia.org/wiki/Sender_Signing_Policy has a
correct definition?



I think what you're referring to is this statement "Instead of the
*From*header, ADSP can also be used for publishing that all mails of
the
*MAIL FROM*, *Sender*, *Resent-Sender* and *Resent-From* headers have a
corresponding DKIM <http://en.wikipedia.org/wiki/DKIM> signature." which as
far as I know is not correct. John, Dave, Steve can any of you guys verify
this? I admit some of the debates managed to throttle me into zombie-ism so
I may have missed something major somewhere.




spamassassin, DNSBL, DCC are well known, so we know how they behave with
different emails, what we don't know is what the google, yahoo, microsoft
and others are doing to classify their emails (this is the part about
security by obcurity).



First I think you're talking about a different issue than DKIM/ADSP here.
Your complaint appears to be that you don't know generally what the software
these guys use to evaluate email does or what they mean when they use the
term reputation. This isn't a new issue. It's just sort of the state of the
world and I would say it's not limited to these guys. In general unless
someone on the receiving end has told you specifically how they evaluate
emails then really all you can tell is (sometimes) whether the email got
there or not.

Second I think you're confusing knowledge of what data a piece of technology
provides you with knowledge of how people use that software. Knowing what
spamassassin does generally still doesn't give you anything better than a
guess at what that might mean to the systems of spamassassin users. In the
case of DKIM you at least know that two people running compliant software
will come to exactly the same decision on whether a piece of mail passes.
You just don't know what either of those people will do with that
information.
Since that's exactly the case now with every other piece of information
people extract from an email you're certainly not any worse off.

Robert






----- Original Message -----
From: "Robert Barclay" <rbbarclay(_at_)gmail(_dot_)com>
To: "Anti-Spam Research Group - IRTF" <asrg(_at_)irtf(_dot_)org>
Sent: Tuesday, 13 January, 2009 10:37:52 AM (GMT+1200) Auto-Detected
Subject: Re: [Asrg] where the message originated



On Mon, Jan 12, 2009 at 1:51 PM, Franck Martin 
<franck(_at_)avonsys(_dot_)com> wrote:


I'm curious when you say ADSP is always keyed of the real live From
address? You talk about the From: and not the Mail From: (Return-path)?


 Yes, the A is for Author. ADSP is built on top of DKIM and allows domain
owners to specify that they sign some or all mail using a specific domain in
the From: address





as a side note, all this SSP/ADSP processing looks like a blackbox (or
black magic) to me. There is no recommended practices and no one explain
what they do to filter mail. like in the statement "AOL will use DKIM to do
build reputation based on domain", what does it mean?



It means they are going to start establishing reputation for DKIM domains
based on the DKIM signed mail passing through their systems. This isn't any
more of a black box than their existing reputation systems.
As for recommended practices I'm not sure there's enough operational
experience is most situations to have anything useful to recommend yet. I
would be pleased to be wrong here but suspect that we may be starting to get
there for some uses of DKIM and are a long way away from that with ADSP.






We know well about spamassassin, DNSBL, DCC but this is about it. I
thought security by obscurity was a bad idea? ;)



Not sure this qualifies for security by obscurity. It's pretty
straightforward how all these technologies work. How people make use of the
data these technologies provide, that only seems obscure because people are
still figuring it out themselves. Compare this to how people use IP
addresses there's a pretty wide variety there and a lot of those uses would
qualify as "obscured" from outside users too.




_______________________________________________
Asrg mailing list
Asrg(_at_)irtf(_dot_)org
http://www.irtf.org/mailman/listinfo/asrg



_______________________________________________
Asrg mailing list
Asrg(_at_)irtf(_dot_)org
http://www.irtf.org/mailman/listinfo/asrg
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Asrg] kiosks, was where the message originated, John Levine
Next by Date:  Re: [Asrg] where the message originated, Rich Kulawiec
Previous by Thread:  Re: [Asrg] where the message originated, Dave CROCKER
Next by Thread:  Re: [Asrg] where the message originated, John Levine
Indexes:  [Date] [Thread] [Top] [All Lists]