On Nov 29, 2007, at 12:00 PM, J D Falk wrote:
Jon Callas wisely cautioned:
It also strikes me as odd to assume that a receiver/verifier WANTS
to track individual users (or user-equivalent entities) within the
responsible domain.
Agreed.
That's a ton of extra work, for very little benefit (from an anti-spam
point of view.)
No. With there being so many bots, it is common to find a large domain
sending a fairly high level of spam. It would be helpful if there
were a means to mitigate spam from such a domain without blocking the
entire domain. In addition, don't forget about the replay issue.
The attack here is obvious: spammers will simply use a new i= per
message, much as they rotate through every other possible
identifier. So, anyone hoping to use i= to identify spammers will be
forced to move back up to d=.
This is not a problem. The domain will not be of mixed content.
As we continue thinking about this stuff, it's important to remember
that methods for identifying "good" messages don't directly convert
to methods for identifying "bad" messages.
The problem is being able to identify the responsible entity for
having issued the spam. DKIM clearly works at the domain. It might
be able to extend to the email-address when additional assurances have
been made. See scope=.
-Doug
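
The i= versus d= question debated in this thread, as an added example that is not part of the original messages: it parses DKIM-Signature tag lists and counts messages per d= and per i=, showing how a fresh i= per message leaves every i= key with a single observation while d= stays stable. The function names and the sample headers are constructed for illustration.

```python
import re
from collections import Counter

def parse_dkim_tags(header_value):
    """Parse a DKIM-Signature tag-list (RFC 6376, section 3.2) into a dict."""
    unfolded = re.sub(r"\r?\n[ \t]+", " ", header_value)  # undo header folding
    tags = {}
    for part in unfolded.split(";"):
        if "=" not in part:
            continue
        name, value = part.split("=", 1)  # base64 padding may contain '='
        tags[name.strip()] = value.strip()
    return tags

def signing_identities(header_value):
    """Return (d, i); i defaults to '@' + d when the tag is absent."""
    tags = parse_dkim_tags(header_value)
    d = tags["d"].lower()
    local, _, i_domain = tags.get("i", "@" + d).rpartition("@")
    i_domain = i_domain.lower()
    # The i= domain must equal d= or be a subdomain of it.
    if i_domain != d and not i_domain.endswith("." + d):
        raise ValueError("i= domain is not within d=")
    return d, local + "@" + i_domain

def tally(headers):
    """Count messages per d= and per i= across a batch of signatures."""
    by_d, by_i = Counter(), Counter()
    for header in headers:
        d, i = signing_identities(header)
        by_d[d] += 1
        by_i[i] += 1
    return by_d, by_i

# Constructed sample: five signatures with a fresh i= each, one with no i=.
SAMPLE = [
    "v=1; a=rsa-sha256; d=example.com; s=sel1;\r\n\t i=u%04d@example.com; "
    "h=from:to; bh=AAAA=; b=BBBB==" % n
    for n in range(5)
] + ["v=1; a=rsa-sha256; d=example.com; s=sel1; h=from; bh=AAAA=; b=BBBB=="]

if __name__ == "__main__":
    by_d, by_i = tally(SAMPLE)
    print("distinct d= keys:", len(by_d), dict(by_d))
    print("distinct i= keys:", len(by_i), "max per key:", max(by_i.values()))
```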