no one can tell how the reputation services for CSV will operate, but
we can look at the DNSBLs in use today. several of these have a
stated policy of never removing any IP addresses used for spamming.
I would hope that reputation services accessed with CSV's DNA are not "for"
CSV.
CSV provides a query mechanism, but what is significant about reputation
ratings
is not the access method but the nature of the identity being assessed and the
policies for assessing it.
The identity that CSV covers is the administrator of a host name that is cited
by the client SMTP. More simply, CSV involves the identity of an MTA operator.
It is not an accident that CSV targets the same kinds of identities for which
there is the most experience with white- and black-lists. Although they use IP
Addresses, they pertain to operations identities, not author identities.
Hence, it is certainly reasonable to look at the range of existing white- and
black-list operations and project that their considerable variation in
assessment policies would be similar to the listing services that might be
queried with CSV's DNA.
as the two reputations in CSV aren't connected, it is safe to say that
the recovery will be quick...
No doubt my confusion is from not reading this thread carefully enough, but I
do
not know what "two" reputations are being referenced. CSV deals with one
identity, namely the host name provided in the client smtp's helo/ehlo command.
If CSV uses "MAIL FROM" for reputation, then it has pretty much
the same issue as any other proposal using that field.
yes, I think it has been established by now that "MAIL FROM" can't be
used without breaking e-mail or being vulnerable to replay attacks.
At some point, having detailed discussion about a specification ought to
presume
that participants have read the specifications.
d/
---
Dave Crocker
Brandenburg InternetWorking
+1.408.246.8253
dcrocker a t ...
WE'VE MOVED to: www.bbiw.net