ietf-dkim

Re: [ietf-dkim] Re: Adding SMTP client Requirements

2007-05-27 13:07:37
At 12:28 27-05-2007, Douglas Otis wrote:
> Associating SMTP clients with the DKIM Domain provides a means to
> extend replay abuse mitigation strategies and accommodate a greater
> range of usage scenarios.  This extension is able to cover cases
> where the SMTP RCPT TO is not contained with the message.  This
> situation likely occurs with BCC, mailing-lists, and forwarded
> messages.  Granted, forwarding domains must be specifically listed,
> whereas this scheme accommodates thousands without imposing
> additional lookups.

We don't know which forwarders the mail will go through before reaching its final destination. This message, for example, could have gone through a forwarder to reach my mailbox.

> The scheme proposed by DOSP could be revised to exclude the left-most
> domain label in the hash to establish a type of shorthand.  To limit
> which hosts associate as an SMTP client, SMTP clients must then be
> assigned a specific sub-domain.
>
> For those domains where some hosts are not trusted, SMTP clients
> would be placed within a sub-domain, for example 'mxo'.
>
>  host1.mxo.large-isp.com
>  host2.mxo.large-isp.com

How does that prevent replay abuse? If some hosts are not trusted, mail from them should not be DKIM-signed.

Can you provide a specific example where DKIM signed mail from dotis(_at_)mail-abuse(_dot_)org to me is protected from abuse?

Regards,
-sm
_______________________________________________
NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html