Gotcha.

That's why we've implemented a "cached" DNS scheme in our implementation model
in order to avoid redundant queries for the same domain.

Also, the sender is not performing any DNS queries but rather storing
origination records. Again, the sender is probably already storing email
records in a log file; however, we're storing unique records in a queryable db
structure.

You're absolutely right that a spoofing system could slam a receiving system
with illegitimate emails, but that could happen in any embodiment. The
difference is that a Message Level scheme is the only one that entirely
guarantees full security, anti-hijacking of keys, and absolutely No false
positives. As such, we feel as though it's where we are all going to end up
eventually.

bill

---------- Original Message ----------------------------------
From: Douglas Otis <dotis(_at_)mail-abuse(_dot_)org>
Date: Tue, 20 Apr 2004 17:04:26 -0700

On Tue, 2004-04-20 at 16:01, Bill Mcinnis wrote:
<snip>
It's really no different than submitting to and querying an RBL which
are already widely used.

For the receiver, not only DNS lookups are required to search for
possible "message signature agents", a query is also required of these
discovered entities for "every" message received. For the sender, this
happens for each message sent and for each message spoofing the domain
of the sending system (a problem not addressed by this scheme), placing
a burden on "message signature agents" now in the path of all mail
messages rightfully or wrongly carrying the domain of the sender. This
is a significantly different model.

-Doug