On Feb 6, 2010 at 12:34 -0500, Chris Lewis wrote:
=>Derek Diget wrote:
=>
=>> =>This also allows <domain> to use DNS to map them to somewhere else
=>> entirely.
=>>
=>> -1 for having a "standard" address. Let sites decided. Some might want
=>> them to go to abuse@, spam@, devnull@,
spam-training(_at_)anti-spam(_dot_)vendor(_dot_)
=>
=>Defeats the purpose of self-configuration, UNLESS the mailstore provider can
=>automatically provide it. See my posting under "We don't need no stinking..."
=>for a method to do it with TXT records.
One of the problems I have with publishing "private" (spammers and DNS
walkers don't need to know this stuff) configuration information is that
people that don't need to know it can get it. Using SRV records to
auto-config MUA retrieval and MSA settings or XMPP clients are different
in that knowing those settings can't be abused unless you have a valid
authentication credential. Whereas, publishing an e-mail address is
just asking for it to abused. (Heck, how many spammers are not smart
enough to list wash abuse@, postmaster@ and the other role accounts
from their lists. Do you think they won't start sending non-ARF
messages (regular) spam to the TiS reporting address. (Yes, some would
say that is good as it will just help block/filter them, but I am
thinking more about the increase in volume to the TiS reporting
address.)
I am also thinking of spammers walking DNS and getting the reporting
addresses and then sending ham to it to try to mess up the sites that
might be automatically processing their TiS messages. If the reporting
address is in a header then they (spammer) would have a harder time
getting the address. (Yes, with all of the compromised PCs, free
accounts, etc they can still probably get it anyways.)
=>> I have deleted the message, but Thursday someone (you?) had a post with
=>> regard to having the final MTA insert a header with the ARF reporting
=>> address? I like that idea, but would replace MTA with MDA. An MTA never
=>> really knows if it is the "last" MTA, where an MDA does.
=>
=>We don't want to modify _anything_ in the mail stream if we can possibly avoid
=>it. If we do, sites can't do this without infrastructure changes (which may
=>never happen in some environments). Eg: if Microsoft elects not to follow
=>this spec, we've just disenfranchised Exchange environments.
I have not been involved in a MS Exchange environment, but 1) I think
that it already have a TiS mechanism builtin and 2) it is a closed
environment like Lotus Notes, and Novell Groupwise. Sites running those
systems would be on their own. (Yes, they might support IMAP/POP, but
is a third-party client "supported for use" by their IT departments?)
--
***********************************************************************
Derek Diget Office of Information Technology
Western Michigan University - Kalamazoo Michigan USA - www.wmich.edu/
***********************************************************************
_______________________________________________
Asrg mailing list
Asrg(_at_)irtf(_dot_)org
http://www.irtf.org/mailman/listinfo/asrg