ietf-dkim

Re: [ietf-dkim] Are subdomains like parent domains?

2008-04-29 11:35:34

On Apr 29, 2008, at 10:36 AM, Wietse Venema wrote:

John Levine:
I think I'm not the only one making assumptions here.

Of course not.

I'm honestly trying to figure out whether any mail systems treat mail
from sub.foo.com as being from foo.com when they make decisions about
sorting, filtering, and so forth.  That's why I'd really appreciate
some actual examples if there are any.  I'm not trying to be
confrontational here, I'm trying to gather data.

As far as I can tell, nobody does, but the whole issue of the tree
walk is predicated on this assumption.  If the assumption is indeed
untrue, the treewalk (in any of its varieties) serves no purpose and
we can just get rid of it.

We're trying to solve two different problems at the same time.

Question 1: What do real DNS deployments look like? Seems no-one
   can answer that here.  Everyone is concerned that ADSP introduces
   unnecessary barriers for deployment, but discussions about
   random real or fictitious pain symptoms are not the best way
   to define a solution.

   This is an argument to avoid ugly ad-hoc hacks like the two-level
   DNS dance, because they lack a sound foundation.

Question 2: What would the "bad guys" do to side-step DKIM/ADSP,
   for some particular set of ADSP implementation details? I can
   answer that with confidence. They will do everything that gets
   their email through the filters. Unlike ADSP implementors,
   spammers are not bound by the rules of the RFC.  Our lack of
   imagination should not give us a false sense of security.

   This is an argument to have some "safety net" mechanism like
   the ugly two-level dance that automagically covers all nodes
   at the same DNS level; nailing non-existent domains at lower
   DNS levels is already trivial without ADSP.

As far as I'm concerned someone can toss the coin and be done with
it. I'd rather have something that mostly works now, than something
that will be perfect for one microsecond. No system can be perfect
permanently with respect to constantly changing threats.

There's a third question too. Is ADSP supposed to stand on its
own, or can it make assumptions about the rest of the filtering
system it's embedded in? If the latter, does it need to be explicit
about it?

Everyone is pretty clear that if mail is "From" a non-existent
domain, it's not likely to be delivered. As such, it's not unreasonable
to not worry about the nasty failure modes in an ADSP algorithm
if they are only triggered by a non-existent domain. But, does the
process of not worrying about it require that it be documented
within the ADSP spec?

None of that will make any difference to real-world operational
use, if any; it's just spec wordsmithing.

Cheers,
   Steve

_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html