ietf-dkim
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [ietf-dkim] General Feedback loop using DKIM

2009-05-27 11:50:34
from [Al Iverson] [Permanent Link] 
Allowing a sending entity to determine a destination for FBL reports
by embedding that information in a message header implies trust of
that sender. Signing mail with DKIM is not an indicator of trust. So
how do you know to trust that sender? It's ends up being a big catch
22, in that if you trust the sender, perhaps because they've
registered with you, then they might as well have registered with you
directly to set up the FBL that way.

Savvy anti-spammers have long had a distrust of spam reporting vectors
being defined only by the sender of the message. Systems that track
where to send complaints by IP or domain (for example, Spamcop and
Abuse.net), as well as ISPs, have run into various scenarios where a
bad actor will attempt to direct complaints back only to himself, to
keep his connectivity provider or other provider in the dark as to the
nature of the bad acts. I had an "X-Complaints-to" header in mail sent
on the platform I used to manage at my last employer. The only notice
of it taken was by angry complainers assuming that use of this header
was evidence that I was trying to guide complaints away from
upstreams. Based on all of this, I wouldn't support a mechanism that
would allow a sender to specify where reports should be sent, because
of the potential for abuse, and the (in my opinion), very small chance
that it would gain traction.

BTW, I think that dismissing FBL utility because it's only (currently)
most useful in webmail environments is a bit short sighted. I wouldn't
be surprised to see more "report spam" plugins for various desktop or
smartphone MUAs in the future. Outlook + a widely distributed report
spam button plugin = a gold mine of reputation data for spam filter
developers. I am sure that I am not the first person to think of this.



-- 
Al Iverson on Spam and Deliverability, see http://www.spamresource.com
News, stats, info, and commentary on blacklists: http://www.dnsbl.com
My personal website: http://www.aliverson.com   --   Chicago, IL, USA
_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [ietf-dkim] General Feedback loop using DKIM, Franck Martin
Next by Date:  Re: [ietf-dkim] General Feedback loop using DKIM, Bill.Oxley
Previous by Thread:  Re: [ietf-dkim] General Feedback loop using DKIM, Franck Martin
Next by Thread:  Re: [ietf-dkim] General Feedback loop using DKIM, Dave CROCKER
Indexes:  [Date] [Thread] [Top] [All Lists]