We have already given thought to that and have reporting set up to see what
failed the query on the sites we are beta-ing this between. Naturally it only
works between sites that have it running. But, in the last 3 weeks alone we
have stopped over 15,000 spoof attacks amongst the sites (people pretending to
be one of the sites we have it running on and trying to email that site or one
of the others in the network) with 0 false positives.
Bill McInnis
Messagelevel.com
-----Original Message-----
From: Hallam-Baker, Phillip [mailto:pbaker(_at_)verisign(_dot_)com]
Sent: Friday, June 18, 2004 1:13 PM
To: 'Jon Kyme'; Bill Mcinnis
Cc: ietf-mxcomp(_at_)imc(_dot_)org
Subject: RE: Alternative to TXT or new RR
why not have a mechanism that can sit on their domain and verify to
those asking if a message came from their domain
or network
Why not indeed, however, a mechanism for answering that question
probably isn't in scope here.
We need some form of reporting function for exceptions. If my site is being
phished I would like to be told.
"Got message serial # wqwqkjwheqwekjh, failed MARID verification"
"Thank you"
or
"Oh that was genuine, must be a relay"
Should consider this at recharter time.
----
This outgoing message is guaranteed to be authentic by MessageLevel users.
Guarantee the authenticity of your email @ http://www.messagelevel.com.