I really like William and Douglas's ideas...
Is there anyone who doesn't?
Damon
On 8/4/06, Douglas Otis <dotis(_at_)mail-abuse(_dot_)org> wrote:
On Aug 4, 2006, at 5:31 PM, Damon wrote:
> On 8/4/06, Arvel Hathcock <arvel(_dot_)hathcock(_at_)altn(_dot_)com> wrote:
>> > Yes but.. I don't think that everyone is going to be aware of
>> the risk > or ignore it thinking it can't happen to them.
>>
>> Quite the contrary really, I'd think. And anyway, are we to
>> remove from our work even useful things on the basis that there
>> are some who might not understand it? Surely not. We should just
>> do our best to document what we can to help them.
>
> Nothing contrary about it... I wish I had a nickle for everyone
> that set their SPF records with a ~all. I also think that this
> would be of diminishing returns. They may set it up this way.. but
> the first problem (or second) they have, it will get turned off.
> Then what is their alternative? I don't dislike the idea and if it
> were released this way... at least I could say I told you so. I am
> just hoping we can come up with a solution that will have a safety
> or 'Plan B' attached.
This Plan B will stop more abuse than you can imagine:
Require that all DKIM clients use a "_dkim.<host-name>" that can be
verified with a simple Address record lookup. Define a DKIM client
policy that can assert "ONLY SEND SIGNED DKIM MESSAGES." A client
that does not authenticate or does not sign with DKIM can then be
blocked.
-Doug
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html