ietf-dkim

Re: [ietf-dkim] Proposal to amend SSP draft with a reporting address (fwd)

2008-03-07 11:43:58
Florian Sager wrote:

http://www.mipassoc.org/arf/specs/draft-shafranovich-feedback-report-02.html#rfc.section.4
claims that the original email has to be contained (with rather few
modifications). Unfortunately any information sent back to the signing
authority (that should be linked to the reporting address) can be used
to detect the spamtraps (even the subject, the DKIM identity or the
date contained in the first section of the ARF report could be
correlated to a spam trap address).

Any ideas how to handle this? I guess "give no feedback" is the
unsatisfying solution.

The report doesn't reveal whether that address is a spamtrap, an end
user, a role account, or even whether or not that address would ever
accept any non-spam message.  Or, to stay related to this proposal, it
doesn't reveal whether or not that address would ever accept a message
which passed DKIM verification.

(Some ARF report generators have chosen to redact the recipient address.
This is technically a violation of the spec, but they do it anyway and
it's pretty clear that nobody's going to talk their lawyers out of it.)

--
J.D. Falk
Receiver Products
Return Path 

_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html