On 11-11-17 05:25 PM, Christian Grunfeld wrote:
>> There's no easy transition either - you'd never know whether whoever you
>> were doing these queries to actually implemented this stuff, and NXDOMAIN
>> could mean either "BAD! BAD! discard!" or "I don't implement that feature".
> Same as SPF and DKIM. They are more or less good if all implement them!
Ah, sorry, no. If the sender doesn't implement SPF or DKIM, you find
out that it doesn't support it by its not having an SPF or DKIM record,
and thus you don't apply either.
In your proposal there is no way to tell whether a given server
implements it, AND the result for "FAIL" is indistinguishable from the
result for "NOT IMPLEMENTED".
In other words, you can only turn this feature on if everybody
implements it. At the same time.
That won't happen.
You have to add other transactions to be able to query if the server
supports this feature. If the forwarder doesn't (by malfeasance or
misfeasance), then it doesn't do anything useful.
It's trying to make "SPF -all" survive forwarding, but not as well as
DKIM would (absent message mangulation).
> DKIM is good for forwarding but it does not solve phishing!
Actually, it does, if the From is signed (which it usually is), and if
the receiver knows (by some outside arrangement) to throw away anything
that fails.
What it doesn't do is solve "froggery" (myriads of look-alike domains,
which your proposal does not solve) nor does it solve the fact that most
of the time the user doesn't even notice what's in the From: line (nor
does your proposal). Remember that many mail readers (outlook included)
DO NOT SHOW YOU THE EMAIL ADDRESS in the From: line by default.
Sigh.
APWG just published a report that said that less than 20% of phishes had
the correct phished-for domain in the From line... Cutwail is pushing a
lot of such things right now.
_______________________________________________
Asrg mailing list
Asrg@irtf.org
http://www.irtf.org/mailman/listinfo/asrg
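Added example, not from the thread or from any of its participants: a toy Python model of the distinction the reply draws between SPF's "no record" outcome and a scheme whose only negative signal is NXDOMAIN. The SPF evaluator is deliberately reduced (ip4/ip6 mechanisms and a trailing `all` only; real SPF per RFC 7208 has more), the TXT records and domain names are constructed, and the `_fwdok` lookup (reversed sender IP under `_fwdok.<domain>`, with a `_fwdok.<domain>` marker record as the "other transaction") is an assumed stand-in for the proposal under discussion, whose actual details the thread does not give.

```python
"""Toy model of why SPF/DKIM can be deployed piecemeal while an
NXDOMAIN-only policy signal cannot.  Added example; zone data, domain
names and the "_fwdok" scheme are all constructed for illustration."""
import ipaddress

# Constructed TXT records standing in for DNS answers.  None means the
# query came back empty (no record published for that domain).
SPF_TXT = {
    "publishes-spf.example": "v=spf1 ip4:192.0.2.0/24 ip6:2001:db8::/32 -all",
    "softfail.example": "v=spf1 ip4:198.51.100.10 ~all",
    "no-spf.example": None,  # this domain never deployed SPF
}

QUALIFIER_RESULT = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def evaluate_spf(domain, sender_ip):
    """Reduced SPF check: only ip4/ip6 mechanisms and a trailing 'all'.

    The point of the example is the 'none' outcome: a domain with no
    record is reported as not participating, which is a different
    result from a sender that the domain's policy rejects."""
    record = SPF_TXT.get(domain)
    if record is None or not record.startswith("v=spf1"):
        return "none"
    ip = ipaddress.ip_address(sender_ip)
    for term in record.split()[1:]:
        qualifier = "+"
        if term[0] in QUALIFIER_RESULT:
            qualifier, term = term[0], term[1:]
        if term == "all":
            matched = True
        elif term.startswith(("ip4:", "ip6:")):
            # 'in' is False when address and network families differ.
            matched = ip in ipaddress.ip_network(term[4:], strict=False)
        else:
            continue  # mechanisms this toy does not implement
        if matched:
            return QUALIFIER_RESULT[qualifier]
    return "neutral"


# Assumed stand-in for the proposal under discussion: the receiver looks
# up <reversed sender IP>._fwdok.<domain>; an answer means the sender is
# allowed, NXDOMAIN means reject.  Only one allowed address is published.
FWDOK_NAMES = {"2.2.0.192._fwdok.implements.example"}


def fwdok_name(domain, sender_ip):
    """Name the receiver would query for an IPv4 sender (constructed scheme)."""
    return ".".join(reversed(sender_ip.split("."))) + "._fwdok." + domain


def nxdomain_scheme(domain, sender_ip):
    """Two outcomes only.  A domain that rejects this sender and a domain
    that never heard of the scheme both produce 'nxdomain'."""
    return "allowed" if fwdok_name(domain, sender_ip) in FWDOK_NAMES else "nxdomain"


# The extra transaction the reply says is needed: a marker record that
# tells the receiver the domain actually implements the scheme.
CAPABILITY_MARKERS = {"_fwdok.implements.example"}


def nxdomain_scheme_with_discovery(domain, sender_ip):
    """Same lookup, but first checks the capability marker, which gives
    the scheme the 'none' outcome that SPF has for free."""
    if "_fwdok." + domain not in CAPABILITY_MARKERS:
        return "none"
    return "pass" if nxdomain_scheme(domain, sender_ip) == "allowed" else "fail"


def transition_demo(sender_ip="203.0.113.5"):
    """Results a receiver sees from a sender that no policy lists, for a
    domain that implements each scheme and one that does not."""
    return {
        "spf": (evaluate_spf("publishes-spf.example", sender_ip),
                evaluate_spf("no-spf.example", sender_ip)),
        "nxdomain_only": (nxdomain_scheme("implements.example", sender_ip),
                          nxdomain_scheme("never-deployed.example", sender_ip)),
        "with_discovery": (nxdomain_scheme_with_discovery("implements.example", sender_ip),
                           nxdomain_scheme_with_discovery("never-deployed.example", sender_ip)),
    }


if __name__ == "__main__":
    for scheme, (implementing, not_implementing) in transition_demo().items():
        print(f"{scheme:15s} implementing={implementing!r:10s} not implementing={not_implementing!r}")
```

Running it shows the asymmetry the reply is pointing at: for a sender no policy lists, SPF yields `fail` from the publishing domain and `none` from the domain without a record, so a receiver can enforce `-all` for the first without penalising the second; the NXDOMAIN-only lookup yields `nxdomain` for both, and only the added marker record restores a usable `none`.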