ietf-dkim
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[ietf-dkim] Feedback in charter

2005-08-26 12:59:29
from [Hallam-Baker, Phillip] [Permanent Link] 
Looking at the traffic on IETF about Sender-ID/SPF I think we need to
consider mechanisms for feedback and error reporting as part of the
initial scope.

The real bugbear of SPF is becoming maintenance, there are a heck of a
lot of SPF records out there that are not being maintained properly. If
we do not propose a mainenance model we will have the same problem. If
we do propose a maintenance model we develop a very clear advantage over
SPF.


I don't think that the error reporting needs to be very fancy or involve
new protocol. I would be quite happy with a mechanism of the form 'a
sender may declare that they accept the use of an error reporting
protocol, this document describes the use of INCH'.

I think that this is much better defined and far more urgent than the
proposal to define a header to decribe the authentication results - that
is a tarpit in my view. 

Just a small amount of feedback can dramatically improve the workability
of the protocol. The reason I propose INCH is that RID already defines a
Web Service way to transfer this information and it already deals with
all the necessary performance issues such as batching reports etc. If
someone is under DDoS SYN flood they do not report each SYN
individually, they batch them.


The net effect here would be that DKIM would become a way to get a good
report of the status of your outgoing mail. A large ISP might not want
to deliver a message but they might think that they owe a sender who
signs their outbound email a notice telling them that they are being
impersonated.

This would be a major win in the anti-phishing space, detecting phishing
attempts in progress is a major issue. It would reduce the nervousness
of email senders who migh avoid deploying DKIM if a screwup on their
part would risk loosing a lot of mail. Finally it would improve the
reliability of the system as there would be a much better chance of
fixing the configuration boo-boo before the mail server gives up on
redelivery attempts.

_______________________________________________
ietf-dkim mailing list
http://dkim.org
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [ietf-dkim] Thoughts on the DNS RR issue, Hallam-Baker, Phillip
Next by Date:  Re: [ietf-dkim] DKIM SSP: Security vulnerability when SSP record does not exist?, Earl Hood
Previous by Thread:  [ietf-dkim] Thoughts on the DNS RR issue, Hallam-Baker, Phillip
Next by Thread:  [ietf-dkim] Re: Feedback in charter, Frank Ellermann
Indexes:  [Date] [Thread] [Top] [All Lists]