On 8/27/06, Frank Ellermann <nobody(_at_)xyzzy(_dot_)claranet(_dot_)de> wrote:
Douglas Otis wrote:
> Look-alike exploits exist without designated domains.
Sure, but they sail under their own look alike flag. They can't
"steal" the reputation of an ISP with millions of zombies for
their criminal purposes. Admittedly that reputation won't be
good, but still better than "eboy" = "unknown stranger".
How is this any different than what we are doing with reputation
systems based on IP right now?
> Seldom does less information improve security however.
Make sure that "eboy" is treated as the "unknown stranger" it
is, even if isp.example.com signed it, and there's no problem.
An eboy-SSP trying to change this should be ignored.
Basing reputation on key provider wouldn't be prudent. If I were a
less than honorable person, I would send all my spam using someone
with a good reputation (goodrep.com) as my DSD. My sig fails because I
purposely munged it, there is no policy saying that this should
definitely be rejected. Because goodrep.com can not publish all of the
domains that it signs for, it is helpless to do anything about this.
Regards,
Damon Sauer
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html