Jeff Macdonald wrote:
I'm a bit behind on this but:
On Thu, Nov 29, 2007 at 03:43:55PM -0500, J D Falk wrote:
I agree, that would be extremely helpful -- but DKIM's i= won't give
it
to us. (Unless you're assuming that these same botnet operators will
allow themselves to be corralled into a single identifer, which
clearly
isn't the case.)
this thinking needs to be applied to d= too. And once you do that,
then the logical conclusion (well, to me :)) is that d= isn't any
better as an identifier.
A bad guy buying another domain name is a threat we already have to deal
with today. It's not a high barrier, but it is a barrier.
The same bad guy having an infinite number of entirely distinct i=
identities at each of those domains would be a new threat, equal to
forging the From: header -- and the obvious conclusion will be to ignore
i= and instead concentrate on d= (along with other reputation inputs.)
But since this is about reputation, it's out of scope.
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html