On 10/07/2008 13:10, "Douglas Otis" <dotis(_at_)mail-abuse(_dot_)org> wrote:
Over DKIM's development span, bot-net behaviours have changed and are
becoming more stealthy. Much of this change may be in reaction to
greater proportions of IP address space being blocked. As a result,
an increasing proportion of bot-net originated spam is sent through an
ISP's outbound server by exploiting accounts obtained from bot-net
0wned customer's machines, rather than directly from the 0wned
machine. Unfortunately, ADSP's current Author Signature definition
depends upon the ISP either affirming the identity of the Author or
leaving the "on-behalf-of" identity blank and ambiguous. This is a
tragedy.
It's only a tragedy if your only goal is to easily catch botnet-sourced
spam. That may be a goal for Trend Micro, and it's been a goal of mine, but
I'm pretty sure it's never been a goal for DKIM.
The access method classification assertions you suggested (which I didn't
quote) don't need to be part of DKIM, because they'll be equally valid and
equally useful for non-DKIM-signed mail. If you're going to pursue this,
I'd strongly urge you to do it as a separate, standalone project. DKIM can
make that project stronger, and that project may make DKIM useful in more
areas, but neither goal requires the other to succeed.
--
J.D. Falk
Return Path
Work with me!
http://www.returnpath.net/careers/
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html