Re: [mail-vet-discuss] Risks when annotating email-addresses contained w


An Intermediate MTA can easily perform path registration checks when  
the border MTAs are known by the Intermediate MTA.  This data would  
only be known by the Intermediate MTA adding the Authentication- 
Results header, and not to plugin vendors adding email annotations.

We have worked with these vendors that offer such MUA and browser  
plugins that check the IP address of the MTA sending the message  
before adding their annotations.  This is done unseen in the background.

It is common to find abuse occurring due to policy exceptions that are  
granted less scrupulous sales departments.  This email is often  
isolated to "advertising" servers.   Abuse also often occurs when one  
out of many MTAs becomes compromised.  Those providing enhanced  
information to recipients can better protect their clients and cause  
less disruption to email when these providers are allowed to block  
only the affected SMTP servers identified by their IP address, rather  
than blocking an entire domain offering authorizations.

As was stated several times before, those providing reputation  
services MUST ensure only negative reputation is assigned to verified  
identifiers.  In the case of the SMTP client IP address, this means  
being able to identify the IP address seen at the border, and to  
ensure there is no evidence of BGP spoofing.   By carefully monitoring  
the IP address space, a significant level of additional protection can  
be afford recipients.   As was stated for Sender-ID, whether the  
sender has assured PRAs are restricted by outbound MTAs is unknown,  
and therefore it is not safe to assume it was.  An error in this  
assumption, and any negative reputations that might occur which did  
not originate from the authorizing domain, will be injurious to this  
domain.  It is much safer to depend upon the IP address of the SMTP  
client in these cases instead.  By all means, those offering services  
that are likely to be phished should be using DKIM instead.

-Doug

_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html

<Prev in Thread]	Current Thread	[Next in Thread>
Re: [mail-vet-discuss] draft-kucherawy-sender-auth-header and last call draft-hoffman-dac-vbr-04, (continued) Re: [mail-vet-discuss] draft-kucherawy-sender-auth-header and last call draft-hoffman-dac-vbr-04, Douglas Otis Re: [mail-vet-discuss] draft-kucherawy-sender-auth-header and last call draft-hoffman-dac-vbr-04, Douglas Otis Re: [mail-vet-discuss] draft-kucherawy-sender-auth-header and last call draft-hoffman-dac-vbr-04, J.D. Falk Re: [mail-vet-discuss] draft-kucherawy-sender-auth-header and last call draft-hoffman-dac-vbr-04, Douglas Otis Re: [mail-vet-discuss] draft-kucherawy-sender-auth-header and last call draft-hoffman-dac-vbr-04, Tony Hansen Re: [mail-vet-discuss] draft-kucherawy-sender-auth-header and last call draft-hoffman-dac-vbr-04, Douglas Otis [mail-vet-discuss] displaying reputation results (was Re: draft-kucherawy-sender-auth-header and last call draft-hoffman-dac-vbr-04), J.D. Falk Re: [mail-vet-discuss] displaying reputation results (was Re: draft-kucherawy-sender-auth-header and last call draft-hoffman-dac-vbr-04), Murray S. Kucherawy Re: [mail-vet-discuss] displaying reputation results (was Re: draft-kucherawy-sender-auth-header and last call draft-hoffman-dac-vbr-04), Douglas Otis Message not available [mail-vet-discuss] Risks when annotating email-addresses contained within Authentication-Results header., Douglas Otis Message not available Re: [mail-vet-discuss] Risks when annotating email-addresses contained within Authentication-Results header., Douglas Otis <= Message not available Message not available Message not available Message not available Message not available Message not available Message not available Message not available Message not available Re: [mail-vet-discuss] Risks when annotating email-addresses contained within Authentication-Results header., Douglas Otis Re: [mail-vet-discuss] draft-kucherawy-sender-auth-header and last call draft-hoffman-dac-vbr-04, Douglas Otis Re: [mail-vet-discuss] Auth-Results installed base, Michael Adkins Re: [mail-vet-discuss] Auth-Results installed base, Murray S. Kucherawy

<Prev in Thread]

Current Thread

[Next in Thread>

Previous by Date:	[mail-vet-discuss] Risks when annotating email-addresses contained within Authentication-Results header., Douglas Otis
Next by Date:	Re: [mail-vet-discuss] Risks when annotating email-addresses contained within Authentication-Results header., Douglas Otis
Previous by Thread:	[mail-vet-discuss] Risks when annotating email-addresses contained within Authentication-Results header., Douglas Otis
Next by Thread:	Re: [mail-vet-discuss] Risks when annotating email-addresses contained within Authentication-Results header., Douglas Otis
Indexes:	[Date] [Thread] [Top] [All Lists]

Previous by Date:

[mail-vet-discuss] Risks when annotating email-addresses contained within Authentication-Results header., Douglas Otis

Next by Date:

Re: [mail-vet-discuss] Risks when annotating email-addresses contained within Authentication-Results header., Douglas Otis

Previous by Thread:

[mail-vet-discuss] Risks when annotating email-addresses contained within Authentication-Results header., Douglas Otis

Next by Thread:

Re: [mail-vet-discuss] Risks when annotating email-addresses contained within Authentication-Results header., Douglas Otis

Indexes:

[Date] [Thread] [Top] [All Lists]