Re: [ietf-dkim] Not exactly not a threat analysis

ietf-dkim

Re: [ietf-dkim] Not exactly not a threat analysis

2005-08-24 13:14:58

I think that the history of adoption of SPF by spammers
demonstrates nicely that the mere act of associating a
confirmable identity is not enough.  So the mere act of
signing should not be a criterion for acceptance of the mail.

The required additional step is some basis for assessing that identity.

I agree. At present, the mere existance of a valid signature does not getyou much in my MTA (a slightly positive value added to the spam filter scoreis about it and this probably isn't a good idea). However, just seekingoff-topic advice here before I do it, would it be good or bad to run the IPof the signing domain through the existing IP-based RBLs? I would like tocode for that today so I'm selfishly seeking some advice :)


--
Arvel



_______________________________________________
ietf-dkim mailing list
http://dkim.org

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
Re: [ietf-dkim] Not exactly not a threat analysis, (continued) Re: [ietf-dkim] Not exactly not a threat analysis, domainkeys-feedbackbase02 Re: [ietf-dkim] Not exactly not a threat analysis, Scott Kitterman Re: [ietf-dkim] Not exactly not a threat analysis, domainkeys-feedbackbase02 Re: [ietf-dkim] Not exactly not a threat analysis, domainkeys-feedbackbase02 Re: [ietf-dkim] Not exactly not a threat analysis, Earl Hood Re: [ietf-dkim] Not exactly not a threat analysis, domainkeys-feedbackbase02 Re: [ietf-dkim] Not exactly not a threat analysis, Michael Thomas Re: [ietf-dkim] Not exactly not a threat analysis, domainkeys-feedbackbase02 Re: [ietf-dkim] Not exactly not a threat analysis, Michael Thomas Re: [ietf-dkim] Not exactly not a threat analysis, Dave Crocker Re: [ietf-dkim] Not exactly not a threat analysis, Arvel Hathcock <= Re: [ietf-dkim] Not exactly not a threat analysis, SM Re: [ietf-dkim] Not exactly not a threat analysis, John Levine Re: [ietf-dkim] Not exactly not a threat analysis, Tony Finch Re: [ietf-dkim] Not exactly not a threat analysis, John Levine Re: [ietf-dkim] Not exactly not a threat analysis, Ned Freed Re: [ietf-dkim] Not exactly not a threat analysis, Earl Hood Re: [ietf-dkim] Not exactly not a threat analysis, John R Levine Re: [ietf-dkim] Not exactly not a threat analysis, Ned Freed [ietf-dkim] Is accountability binary?, domainkeys-feedbackbase02 Re: [ietf-dkim] Is accountability binary?, John Levine

Previous by Date:	Re: [ietf-dkim] Is accountability binary?, Tony Hansen
Next by Date:	Re: [ietf-dkim] DKIM SSP: Security vulnerability when SSP record does not exist?, Douglas Otis
Previous by Thread:	Re: [ietf-dkim] Not exactly not a threat analysis, Dave Crocker
Next by Thread:	Re: [ietf-dkim] Not exactly not a threat analysis, SM
Indexes:	[Date] [Thread] [Top] [All Lists]