ietf-dkim
[Top] [All Lists]

Re: [ietf-dkim] General Feedback loop using DKIM

2009-05-28 16:09:14


What I'm trying to asses is do you query the DNS for every signed
message that is reported, or only for the ones which have a domain or
d= that is registered with you to receive ARF reports.

I was under the impression that the goal of this discussion was to
remove the need for an FBL registration process.

You would query for every report concerning a domain that meets your
trust/reputation requirements if you have any.

Also this would add one DNS query to the set of queries. It is
additional resources.
It would add one query, or possibly more depending on how delegation works.


It may be early, but just trying to asses what is the least costly for
the reporter.


We currently send reports to over 80k domains.  I would wager that the
domains who currently sign are a subset of those (spammer domains
included), but if someone actually wants me to dig around to prove it I
suppose I can.  Going forward, domains that care enough to sign their
mail will care enough to want abuse reports.

On privacy issues, some ARF processors strip the report from any
potential user identification, To: Message ID, email in the content
etc...

That's to protect the privacy of the reporter, not the privacy of the
message author.  You would be surprised how many folks on shared IP
addresses try to get an FBL for the entire IP address instead of just
their domain.  DKIM based FBLs should clear up that specific issue, but
I'm sure there will be some new 'gotcha'.

correct, I mean I agree, but you know also that in the case of mailing
lists, the sender puts a fingerprint to circumvent this anonymization
process, otherwise, the report would be mostly useless.

_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html