----- Original Message -----
From: "Douglas Otis" <dotis(_at_)mail-abuse(_dot_)org>
To: "Hector Santos" <hsantos(_at_)santronics(_dot_)com>
>> You might have browbeaten Scott, but this is totally
>> false because the MTA can reject it before the MUA. It doesn't
>> need a VISUAL presentation or confirmation.
> How is a look-alike domain rejected by comparing the From and
> signing-domains?
Signature/SSP valid or invalid?
invalid --> reject
valid --> accept
Pretty much use the SSP Verify Chart for a guideline.
Doug, once again. It is about technical consistency. You must have
technical consistency before you make any sense of subsequent heuristic
models, if any, and as you said, reputation, manual or automatic, is usually
the way to deal with such fraudulent email.
You won't be able to STOP *compliant* malicious senders using any logic,
including yours.
Now, with DKIM, the main domain can take action by registering all the
near-domains and declare a NEVER DKIM SSP policy, similar to what
EarthLink.com did with near-domain "eartlink.com" by creating an SPF
EXCLUSIVE always fail policy.
nslookup -query=txt eartlink.com
Non-authoritative answer:
eartlink.com text =
"v=spf1 -all"
So you see, EarthLink has taken a proactive stance and made a global
declaration - Do not expect mail from this domain.
Think about it. What makes this a BAD or GOOD domain to the computer
software? It doesn't know the difference unless there is some "knowledge
bank" of information or domain policy to work with.
Well, high-value domains, actually anyone, can do the same type of proactive
protection for near-domains or any domain they don't wish to be used. We
have some domains that have nothing to do with email. Some are just web
sites. Some are not even active yet. Yet, they were already harvested and
are used for email spoofing. With DKIM or SSP, I can create ALWAYS REJECT
policies.
With your method, you want to remove ALL deterministic methods for mail
rejection based on consistency. You want to use a "Take the first strike"
baseball analogy to build a knowledge base of reputation information. Get a
feel for the pitcher. The problem? You don't really know if you are going
to get the same pitch again.
--
Hector Santos, Santronics Software, Inc.
http://www.santronics.com
_______________________________________________
ietf-dkim mailing list
http://dkim.org
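The deterministic check Hector describes, as an added example that is not code from the thread or from any DKIM/SSP implementation: an MTA-side function that recognises a published "v=spf1 -all" null policy (the eartlink.com record quoted above) and then applies the invalid-reject / valid-accept rule. DNS answers are a constructed in-memory table so it runs offline; the example.net and nomail.example entries are made up.

```python
"""Added example: deterministic rejection based on a published null SPF policy.

Constructed DNS TXT answers stand in for live lookups. The eartlink.com record
is the one quoted in the post; the other two domains are invented for contrast.
"""

FAKE_DNS_TXT = {
    "eartlink.com": ['"v=spf1 -all"'],                       # quoted in the post
    "example.net": ['"v=spf1 mx ip4:192.0.2.0/24 -all"'],    # constructed: real sender
    "nomail.example": [],                                     # constructed: no record
}


def spf_record(domain, txt_lookup=FAKE_DNS_TXT.get):
    """Return the domain's single SPF record, or None if absent or ambiguous."""
    answers = txt_lookup(domain) or []
    records = [a.strip('"') for a in answers
               if a.strip('"').lower().startswith("v=spf1")]
    return records[0] if len(records) == 1 else None


def declares_no_mail(domain, txt_lookup=FAKE_DNS_TXT.get):
    """True when the domain publishes the null policy 'v=spf1 -all'.

    Every mechanism must be '-all' and there must be no redirect= modifier,
    so no sender can ever match; the domain is saying 'expect no mail from me'.
    """
    record = spf_record(domain, txt_lookup)
    if record is None:
        return False
    terms = [t.lower() for t in record.split()[1:]]
    mechanisms = [t for t in terms if "=" not in t]
    has_redirect = any(t.startswith("redirect=") for t in terms)
    return bool(mechanisms) and all(m == "-all" for m in mechanisms) and not has_redirect


def mta_verdict(sender_domain, signature_valid, txt_lookup=FAKE_DNS_TXT.get):
    """Deterministic MTA decision combining the two rules from the post.

    1. The domain published 'v=spf1 -all' (formally this policy covers the
       envelope MAIL FROM domain, RFC 7208), so no mail is expected: reject.
    2. Otherwise apply the verify chart: invalid signature/SSP -> reject,
       valid -> accept. Reputation heuristics, if any, would only run after this.
    """
    if declares_no_mail(sender_domain, txt_lookup):
        return "reject: domain publishes null SPF policy (no mail expected)"
    return "accept" if signature_valid else "reject: signature/SSP invalid"
```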