ietf-mailsig

Re: MASS plus Sender-ID

2004-11-22 07:01:42

Tony Finch writes:

Indeed there is; see draft-fenton-identified-mail-01.txt section 9.1.4. The
problem is that there is no way I can think of to differentiate an MTA that
forwards mail to multiple addresses from a spam replay, other than intent and
(possibly) the number of addresses that the message is forwarded to. It's
hard to detect even the latter, unless you're a large enough domain to get a
large number of copies of the same message with the same signature.

If verification involves some kind of callback then the sending site
(webmail.com) can track the number of copies of a given message that have
been received. It can then revoke its signature if a threshold is passed,
or rate-limit verifications if the spam decision isn't clear.

Part of my hand-wringing included this thought and I quickly
shuddered at the thought of the scaling implications, not to
mention DDOS opportunities.

                  Mike
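
A sketch of the signer-side bookkeeping that the callback idea above would need, added here as an illustration; it is not code from anyone on the list or from draft-fenton-identified-mail. The class name, the two thresholds and the three verdicts are assumptions. The bounded table makes the scaling cost concrete: one entry per signed message that anyone asks about.

```python
from collections import OrderedDict

VALID, DEFER, REVOKED = "valid", "defer", "revoked"


class CallbackTracker:
    """Counts verification callbacks per signature (hypothetical design)."""

    def __init__(self, soft_limit=20, hard_limit=100, max_entries=100_000):
        self.soft_limit = soft_limit    # above this: rate-limit (defer)
        self.hard_limit = hard_limit    # above this: revoke the signature
        self.max_entries = max_entries  # cap on per-message state
        self._state = OrderedDict()     # signature id -> [count, revoked]

    def on_verify(self, sig_id):
        """Handle one callback from a receiving site; return a verdict."""
        entry = self._state.get(sig_id)
        if entry is None:
            if len(self._state) >= self.max_entries:
                # Oldest entry is dropped to bound memory. Caveat: its
                # count and any revocation are forgotten with it.
                self._state.popitem(last=False)
            entry = self._state[sig_id] = [0, False]
        if entry[1]:
            return REVOKED
        entry[0] += 1
        if entry[0] > self.hard_limit:
            entry[1] = True             # revocation is sticky while tracked
            return REVOKED
        return DEFER if entry[0] > self.soft_limit else VALID

    def tracked(self):
        """Number of signatures currently held in memory."""
        return len(self._state)


def replay_demo():
    """Constructed input: six callbacks for one signature, limits 2 and 4."""
    tracker = CallbackTracker(soft_limit=2, hard_limit=4)
    return [tracker.on_verify("sig-A") for _ in range(6)]


if __name__ == "__main__":
    print(replay_demo())
```

A legitimate forwarder with a large recipient list crosses the same thresholds as a replay, which is the differentiation problem stated at the top of the thread.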

