ietf-mailsig

Re: [ietf-dkim] Re: Replay attacks and ISP business models

2005-08-07 23:29:06
On Sun, 2005-08-07 at 21:53 -0400, John R Levine wrote:

> > The damage done to mailing lists' reputation may also be the effect of
> > collateral damage caused by other servers sharing the same IP address
> > space.

> No, that's not what I said.  Please go back and re-read my previous
> messages, paying particular attention to the fact that what mailing lists
> normally do, with no abuse at all, no spammers involved, nothing other
> than what they do every day in correct operation, is identical to a
> "replay attack",

I agree mere existence of replicate signed messages would not be a
positive indication of spam.  Schemes that attempt to filter messages
based upon replicate message rates are error prone, and this would
include those messages seen from a mailing list.  This would be true
regardless as to whether the mailing list re-signed messages or not. 

You make a good point that such methods used to detect abuse would require
extensive white-listing to avoid errors.  While mailing lists re-signing
messages may allow the white-list to be based upon names, it would be
more likely that the white-list would be IP address based anyway.
Reputation would then still include the IP address, which would not
provide protection from collateral damage when using the IP address for
white-listing.

> The damage to mailing lists has nothing to do with "other servers sharing
> the same IP address".  The damage to mailing lists is that any scheme that
> prevents spammers from delivering 100 copies of a message to spam
> recipients will also prevent mailing lists from delivering 100 copies of a
> message to the recipients who asked for it.
>
> Any so-called replay prevention scheme is a direct attack on the normal
> operation of mailing lists.  Can I make that any clearer?

I agree with you about not being able to depend upon a key or
revocation-identifier lookup rate compared to the signing rate as a
means to know whether there is a replay attack.  An abnormal change in
the account as determined by the revocation-identifier, when seen in
conjunction with abuse reports, would be strong evidence there may be a
problem.  Prior to signatures, the administrator may have depended upon
error logs, or abnormally high sending rates as confirmation of abusive
behaviors when investigating abuse reports.  Signatures unfortunately
blind the administrator to possible replay abuse.  The revocation-
identifier would provide some oversight that would be otherwise lost. 

The only point I ever attempted to make along these lines would be that
a revocation-identifier once again provides a general indication of
_possibly_ abusive behavior.  The administrator would need to confirm
their suspicions using other techniques.  Abuse reports that highlight
the revocation-identifier could be helpful in this process of course.

-Doug


_______________________________________________
ietf-dkim mailing list
ietf-dkim(_at_)mipassoc(_dot_)org
http://mipassoc.org/mailman/listinfo/ietf-dkim
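
Added example, not part of the original message or of any DKIM implementation: a sketch, on constructed data, of the distinction argued in this thread. A plain replicate-count filter flags the mailing list together with the replayed message, while an abnormal change per revocation-identifier seen in conjunction with abuse reports yields only a lead for the administrator to confirm. The identifier names, baselines and thresholds are assumptions for illustration.

```python
from collections import Counter

# Constructed sample data: (revocation_id, signature_id, recipient) per observed delivery.
# "list-42" is a mailing list fanning one signed message out to 100 subscribers;
# "acct-7" is an ordinary account whose single signed message is replayed 100 times.
DELIVERIES = (
    [("list-42", "sig-A", f"sub{i}@example.org") for i in range(100)]
    + [("acct-7", "sig-B", f"rcpt{i}@example.net") for i in range(100)]
    + [("acct-9", "sig-C", "friend@example.com")]
)
# Constructed baselines: typical copies per signed message for each identifier.
BASELINE = {"list-42": 100, "acct-7": 2, "acct-9": 1}
# Constructed abuse reports, keyed by the revocation-identifier they cite.
ABUSE_REPORTS = Counter({"acct-7": 5})


def copies_per_signature(deliveries):
    """Count how many times each signed message was seen."""
    return Counter((rid, sig) for rid, sig, _rcpt in deliveries)


def naive_replicate_filter(deliveries, max_copies=10):
    """Flag every identifier whose signature was seen more than max_copies times.
    This is the error-prone scheme: list fan-out and replay look identical."""
    counts = copies_per_signature(deliveries)
    return {rid for (rid, _sig), n in counts.items() if n > max_copies}


def needs_investigation(deliveries, baseline, reports, factor=5, min_reports=1):
    """Identifiers showing an abnormal change in volume AND cited in abuse reports.
    The result is a set of leads for the administrator, not a verdict."""
    leads = set()
    for (rid, _sig), n in copies_per_signature(deliveries).items():
        abnormal = n > factor * baseline.get(rid, 1)
        if abnormal and reports.get(rid, 0) >= min_reports:
            leads.add(rid)
    return leads


if __name__ == "__main__":
    print("naive filter flags:", sorted(naive_replicate_filter(DELIVERIES)))
    print("leads to confirm:  ", sorted(needs_investigation(DELIVERIES, BASELINE, ABUSE_REPORTS)))
```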
