ietf-dkim

Re: creeping i= (was RE: [ietf-dkim] Responsibility vs. Validity)

2007-11-29 16:40:23

On Nov 29, 2007, at 12:43 PM, J D Falk wrote:

Doug Otis opined:

That's a ton of extra work, for very little benefit (from an anti-spam point of view.)

No. With there being so many bots, it is common to find a large domain sending a fairly high level of spam. It would be helpful if there were a means to mitigate spam from such a domain without blocking the entire domain.

I agree, that would be extremely helpful -- but DKIM's i= won't give it to us. (Unless you're assuming that these same botnet operators will allow themselves to be corralled into a single identifier, which clearly isn't the case.)

The provider might limit i= annotation to those accounts specifically assigned the particular email-address. This would not be easy, however RFC2554/4954 and RFC4409 provide a foundation for such a mechanism. It might be easier to use opaque identifiers, where SSP policy indicates these identifiers relate to an account granted access. This assertion could look something like scope=F-a. Either scope=F-i or scope=F-a would be making an assertion about what is being authenticated. Scope=F (the default) would indicate the DKIM signature is independent of access/email-address identity authentications.

Scott Kitterman responded:

Then find a solution other than DOMAIN Keys Identified Mail for that problem. A user level reputation system is going to be at least an order of magnitude harder than domain reputation and we really don't have the domain level problem figured out yet.

+1

This information still allows valuable message annotations to better protect individuals from intra-domain spoofing. Intra-domain spoofing would be a greater problem for large domains. Such an authentication assertion could indicate whether the recipient should even attempt to validate the signature when faced with too many abusive replays.

When a signing domain fails to offer some intra-domain identifier, bots and replay abuse may make validating DKIM signatures unable to justify the resources required. Some intra-domain identifier, opaque or otherwise, could provide a practical means to deal with an abuse problem. The alternative is the reputation of the SMTP client IP address. While larger domains represent less than 15% of all email sources, these large domains also represent more than 90% of the total message volume. Bots are leveraging this situation in a major way.

-Doug
_______________________________________________
NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
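As an added illustration, not code from this thread or from any DKIM implementation: a small Python check of what a DKIM-Signature i= tag does and does not assert about the sender, with the hypothetical SSP scope=F / F-i / F-a assertion from the discussion above modelled as an argument. The sample header is constructed, and the scope values are the list proposal, not a published DKIM or SSP tag.

```python
import re

# Constructed sample DKIM-Signature value (not from the thread): i= names a
# specific address under the signing domain d=.
SAMPLE_HEADER = (
    "v=1; a=rsa-sha256; d=example.com; s=sel; i=alice@mail.example.com; "
    "h=from:to:subject; bh=ZmFrZQ==; b=ZmFrZQ=="
)


def parse_tags(header):
    """Split an RFC 4871 tag=value list into a dict (whitespace in values dropped)."""
    tags = {}
    for part in header.split(";"):
        part = part.strip()
        if not part:
            continue
        name, _, value = part.partition("=")
        tags[name.strip()] = re.sub(r"\s+", "", value)
    return tags


def identity_domain(i_tag):
    """Domain part of an i= value (everything after the last '@')."""
    return i_tag.rpartition("@")[2].lower()


def classify_identity(header, scope="F"):
    """Describe what the signature asserts about the i= identity.

    RFC 4871: i= defaults to "@<d=>" and must be d= or a subdomain of it; the
    local part is opaque to the verifier.  'scope' models the thread's
    hypothetical SSP assertion: only F-a / F-i claim the signer authenticated
    the address or account behind i=; the default F claims nothing about it.
    """
    tags = parse_tags(header)
    d = tags["d"].lower()
    i = tags.get("i", "@" + d)
    idom = identity_domain(i)
    if not (idom == d or idom.endswith("." + d)):
        return {"valid": False, "reason": "i= domain not within d="}
    local = i.rpartition("@")[0]
    result = {"valid": True, "d": d, "i": i, "has_local_part": bool(local)}
    # Without one of the hypothetical scopes, a populated i= local part is just
    # a signer-chosen label and must not be read as a verified per-user identity.
    result["identity_authenticated"] = scope in ("F-a", "F-i") and bool(local)
    return result
```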