,---
| 2.3.2. Within Claimed Originator's Administrative Unit
|
| ... Since the submission of
| messages in this area generally occurs prior to the application of a
| message signature, DKIM is not directly effective against these bad
| actors. Defense against these bad actors is dependent upon other
| means, such as proper use of firewalls, and mail submission agents
| that are configured to authenticate the sender.
'---
While currently DKIM does not offer a standardized means to both
track and immediately revoke abuse emanating from the originating
domain, abuse of this nature represents a substantial portion of the
abuse problem. The dkim-options draft illustrates mechanisms
comprised of persistent Opaque-IDs and revocation records. By using
a persistent O-ID, the AdmD source of abuse can be tracked and
readily reported by third-parties. Resolution of the abuse is also
made apparent by use of the revocation record. This scheme neither
exposes or depends upon an email-address.
http://www.ietf.org/internet-drafts/draft-otis-dkim-options-00.txt
Should be:
: Although the submission of messages may be prior to the application
: of a message signature, submissions are commonly authenticated
: internally within the AdmD by mail submission agents. By including
: a persistent identifier within the signature, a substantial source
: for email abuse can be abated with the use of DKIM. The identifier
: itself can be block-listed by the sending domain immediately
: without requiring the expiry of a key TTL. Defense against bad
: actors is also improved with the proper use of firewalls and OS
: maintenance.
_______________________________________________
ietf-dkim mailing list
http://dkim.org