ietf-dkim

Re: [ietf-dkim] A more fundamental SSP axiom

2006-08-04 19:15:22
I really like William and Douglas's ideas...
Is there anyone who doesn't?


Damon

On 8/4/06, Douglas Otis <dotis(_at_)mail-abuse(_dot_)org> wrote:

On Aug 4, 2006, at 5:31 PM, Damon wrote:

> On 8/4/06, Arvel Hathcock <arvel(_dot_)hathcock(_at_)altn(_dot_)com> wrote:
>> > Yes but.. I don't think that everyone is going to be aware of the
>> > risk or ignore it thinking it can't happen to them.
>>
>> Quite the contrary really, I'd think.  And anyway, are we to
>> remove from our work even useful things on the basis that there
>> are some who might not understand it?  Surely not.  We should just
>> do our best to document what we can to help them.
>
> Nothing contrary about it... I wish I had a nickel for everyone
> that set their SPF records with a ~all. I also think that this
> would be of diminishing returns. They may set it up this way.. but
> the first problem (or second) they have, it will get turned off.
> Then what is their alternative? I don't dislike the idea and if it
> were released this way... at least I could say I told you so. I am
> just hoping we can come up with a solution that will have a safety
> or 'Plan B' attached.

This Plan B will stop more abuse than you can imagine:

Require that all DKIM clients use a "_dkim.<host-name>" that can be
verified with a simple Address record lookup.  Define a DKIM client
policy that can assert "ONLY SEND SIGNED DKIM MESSAGES."  A client
that does not authenticate or does not sign with DKIM can then be
blocked.

-Doug

_______________________________________________
NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
