Not before Doug defines client a little more clearly :-)
Bill Oxley
Messaging Engineer
Cox Communications, Inc.
Alpharetta GA
404-847-6397
bill(_dot_)oxley(_at_)cox(_dot_)com
-----Original Message-----
From: ietf-dkim-bounces(_at_)mipassoc(_dot_)org
[mailto:ietf-dkim-bounces(_at_)mipassoc(_dot_)org] On Behalf Of Damon
Sent: Friday, August 04, 2006 10:01 PM
To: Douglas Otis
Cc: ietf-dkim(_at_)mipassoc(_dot_)org
Subject: Re: [ietf-dkim] A more fundamental SSP axiom
I really like William and Douglas's ideas...
Is there anyone who doesn't?
Damon
On 8/4/06, Douglas Otis <dotis(_at_)mail-abuse(_dot_)org> wrote:
On Aug 4, 2006, at 5:31 PM, Damon wrote:
On 8/4/06, Arvel Hathcock <arvel(_dot_)hathcock(_at_)altn(_dot_)com> wrote:
Yes but.. I don't think that everyone is going to be aware of
the risk > or ignore it thinking it can't happen to them.
Quite the contrary really, I'd think. And anyway, are we to
remove from our work even useful things on the basis that there
are some who might not understand it? Surely not. We should just
do our best to document what we can to help them.
Nothing contrary about it... I wish I had a nickle for everyone
that set their SPF records with a ~all. I also think that this
would be of diminishing returns. They may set it up this way.. but
the first problem (or second) they have, it will get turned off.
Then what is their alternative? I don't dislike the idea and if it
were released this way... at least I could say I told you so. I am
just hoping we can come up with a solution that will have a safety
or 'Plan B' attached.
This Plan B will stop more abuse than you can imagine:
Require that all DKIM clients use a "_dkim.<host-name>" that can be
verified with a simple Address record lookup. Define a DKIM client
policy that can assert "ONLY SEND SIGNED DKIM MESSAGES." A client
that does not authenticate or does not sign with DKIM can then be
blocked.
-Doug
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html