[Top] [All Lists]

Re: Anything else on the content?

2006-10-30 17:02:50


Now I have to wait for the payload to decide if the return path is valid. Wonderful!


----- Original Message ----- From: "Douglas Otis" <dotis(_at_)mail-abuse(_dot_)org>
To: "John C Klensin" <john+smtp(_at_)jck(_dot_)com>
Cc: "John Leslie" <john(_at_)jlc(_dot_)net>; "Frank Ellermann" <nobody(_at_)xyzzy(_dot_)claranet(_dot_)de>; <ietf-smtp(_at_)imc(_dot_)org>
Sent: Monday, October 30, 2006 5:57 PM
Subject: Re: Anything else on the content?

One more note supporting the concept of a mechanism for associating domains:

A DKIM signing-domain should relate to the sending entity to be useful at reducing abuse. The entity held accountable by their IP address should receive relevant abuse feedback validated by the DKIM signature. Thus the DKIM signature may typically not match the 2822.From or the 2821.MailFrom where an association mechanism can be used instead. As a DKIM signature can be replayed, DoS protections are found by an association of the SMTP Client with the DKIM signature. Messages where the SMTP-Client/Signing-domain && Signing- domain/MailFrom can not be associated, then acceptance should be on a limited basis. The limitation could be rate limiting for example. An association mechanism also removes any need for private keys or DNS zones to be exchanged between domains.