ietf-dkim
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[ietf-dkim] OT: stupidity (was: bot-nets)

2008-06-26 16:08:05
from [Frank Ellermann] [Permanent Link] 
Douglas Otis wrote:
  

This provider publishes SPF records


What a vague description, do they also publish WKS or MX
records ?  I trust that this has nothing to do with DKIM.


the PRA is not restricted.


That could mean that they have no spf2.0/pra (or similar)
policy, or if they have it that there is no chance to get
a FAIL for any sending IP, or if there are FAILing cases,
that some IPs could result in NEUTRAL, for values of some
up to "almost all".


a recipient of their message might be convinced to process
perhaps nine macro expanded SPF records evaluating a PRA
targeting some victim


A policy of an ordinary provider won't "target some victim".
A chain of nine "include:" or "redirect=" records eats up
nine of ten directives permitted to trigger additional DNS
queries.  

To get any "victim" in this scenario the policy has to use
nine "include:victim.example", which might be an attack or 
stupidity.  Because your description was about an ordinary
provider "attack" is out, so tell them how to get it right,
with a copy to abuse(_at_)victim(_dot_)example 


The problem that SPF sans Sender-ID hoped to solve is
more safely handled by adoption of RFC3834.


Actually the problem tackled by RFC 4408, i.e. backscatter,
would defeat the core of 2821bis, RFC 3834, and RFC 5230,
where it is not solved.  As nothing else offers a general
solution - ignoring the obsolete reverse routes in STD 10 -
everybody is free to use a crystal ball or SPF to judge an
envelope return address, as the known precondition to make
2821bis and RFC 3834 work as designed.

And I'd wish that one of my providers would at least use a
crystal ball instead of accepting fake bounces allegedly
from postmaster(_at_)my(_dot_)provider(_dot_)example with ZIPped worms =>
not all rubbish requires SPF, a minimal IQ can also help.


A reputation service could help make that happen.


In that particular case I fear they'd end up with "it is
from me, I trust me", and continue to dump the worms in my
mailbox.  SpamCop always informs me that the open proxies
are known.  Stupidity is certainly a major factor wrt mail.

Folks could manage to decorate open proxies with a PASS :-(
But at least any bounces would then hit the stupid party.

 Frank

_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [ietf-dkim] Not an issue: multiple From headers, Douglas Otis
Next by Date:  [ietf-dkim] bot-net concern explained, Douglas Otis
Previous by Thread:  [ietf-dkim] bot-nets, Douglas Otis
Next by Thread:  [ietf-dkim] bot-net concern explained, Douglas Otis
Indexes:  [Date] [Thread] [Top] [All Lists]