OK one issue that did raise a red flag was possible privacy implications,
people will know when a message is being read.
I think that this is not a serious worry however:
* Most of the checks will be automatic and signify nothing more than that
the message passed through a validator.
* Web bugs and stupid HTML tricks have the same effect
* The user can turn it off in their user agent
I think that on the whole it is best to allow this mechanism that provides a
qualified feedback to the message sender on its deliverability and is less
objectionable than Web bugs and the other adhoc schemes.
-----Original Message-----
From: Andrew Newton [mailto:andy(_at_)hxr(_dot_)us]
Sent: Thursday, March 03, 2005 6:55 PM
To: Hallam-Baker, Phillip; MASS WG
Cc: 'Douglas Otis'
Subject: Re: In response to Housley-mass-sec-review
On Mar 3, 2005, at 6:28 PM, Hallam-Baker, Phillip wrote:
It is almost certainly sufficient to address the problem.
Agreed. Has there been any comment by the mass security reviewers
regarding this approach?
If you monitor lookups to the DNS server you can see the number of
queries
being made and thus spot anomalies. If you have a bazillion
lookups to
a
particular email and you are an open webmail provider you
are probably
looking at a spam issue.
This is a very useful side benefit.
-andy