ietf-dkim
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: [ietf-dkim] A more fundamental SSP axiom

2006-08-04 19:30:53
from [Bill.Oxley] [Permanent Link] 
Not before Doug defines client a little more clearly :-)

Bill Oxley 
Messaging Engineer 
Cox Communications, Inc. 
Alpharetta GA 
404-847-6397 
bill(_dot_)oxley(_at_)cox(_dot_)com 


-----Original Message-----
From: ietf-dkim-bounces(_at_)mipassoc(_dot_)org
[mailto:ietf-dkim-bounces(_at_)mipassoc(_dot_)org] On Behalf Of Damon
Sent: Friday, August 04, 2006 10:01 PM
To: Douglas Otis
Cc: ietf-dkim(_at_)mipassoc(_dot_)org
Subject: Re: [ietf-dkim] A more fundamental SSP axiom

I really like William and Douglas's ideas...
Is there anyone who doesn't?


Damon

On 8/4/06, Douglas Otis <dotis(_at_)mail-abuse(_dot_)org> wrote:


On Aug 4, 2006, at 5:31 PM, Damon wrote:


On 8/4/06, Arvel Hathcock <arvel(_dot_)hathcock(_at_)altn(_dot_)com> wrote:

Yes but.. I don't think that everyone is going to be aware of

the risk > or ignore it thinking it can't happen to them.

Quite the contrary really, I'd think.  And anyway, are we to
remove from our work even useful things on the basis that there
are some who might not understand it?  Surely not.  We should just
do our best to document what we can to help them.


Nothing contrary about it... I wish I had a nickle for everyone
that set their SPF records with a ~all. I also think that this
would be of diminishing returns. They may set it up this way.. but
the first problem (or second) they have, it will get turned off.
Then what is their alternative? I don't dislike the idea and if it
were released this way... at least I could say I told you so. I am
just hoping we can come up with a solution that will have a safety
or 'Plan B' attached.


This Plan B will stop more abuse than you can imagine:

Require that all DKIM clients use a "_dkim.<host-name>" that can be
verified with a simple Address record lookup.  Define a DKIM client
policy that can assert "ONLY SEND SIGNED DKIM MESSAGES."  A client
that does not authenticate or does not sign with DKIM can then be
blocked.

-Doug


_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html

_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [ietf-dkim] A more fundamental SSP axiom, Damon
Next by Date:  Re: [ietf-dkim] "I sign everything" is not a useful policy, Hector Santos
Previous by Thread:  Re: [ietf-dkim] A more fundamental SSP axiom, Damon
Next by Thread:  Re: [ietf-dkim] A more fundamental SSP axiom, Scott Kitterman
Indexes:  [Date] [Thread] [Top] [All Lists]