On Fri, Aug 06, 2004 at 12:36:28PM -0400, Andrew Newton wrote:
At IETF 60, I was approached by a very large ISP willing to do some
testing of the MARID proposals (Sender ID & CSV). They have asked for
advice on testing, so I thought I'd ask the experts (you!).
What kind of ISP? Hoster of large number of domains? Or many users
within a single domain?
An important test would be the definition of MARID records. Where do
these records come from? Give every customer a default record which
should work for most of them and allow them to modify? Or let users
start from scratch? Is the average user able to understand what's
going on? What kind of user interface? How much load does this mean
for the hotline people required to help users? How long does the
average user need to have a correct record and how many tries? How
many 'good' mails are lost until so? How frequently does the average
user change the record after he had a working one for the first time?
Is the average user able to understand this at least in principle?
What impact does it have on mail delivery? Do users prefer to cover
their own machines with the record or do they deliver through the
ISP's machines?
What's the average length of the MARID record? How many replies do not
fit into a UDP DNS result?
Are MARID records an invitation for attacks? Are machines mentioned in
MARID records under higher attack than others?
How does the load of the DNS servers increase? Do they need faster
processors, more memory, more bandwidth?
And again: Fox6 News reported that policy departments are launching
special task forces against phishing. It would be good to get into
contact with them to find out whether they do know anything about
fraudulent attacks what we don't know yet but need to take into
consideration.
Hadmut