Victor Duchovni wrote:
On Fri, Dec 12, 2008 at 11:47:17AM -0800, Murray S. Kucherawy wrote:
It seems I need to re-confirm this group's consensus on a point of the
draft as it proceeds through IESG evaluation.
The scope of this work has always been pretty narrow: We take the output
of message authentication methods and relay them to MUAs
MUAs or (and perhaps more frequently) downstream filters.
Although this point has absolutely no impact on the normative specification, it
has bothered me, too, that the document only refers to consumption by MUAs.
The main problem with this, is that MUAs see messages multiple times,
potentially days, weeks or years later, and the IP reputation is pretty
useless at that point. So, for MUAs, it is the reputation and NOT the IP
that would be needed in the message, but of course the MTA does not know
which reputation systems to query in this context.
Interesting point.
There has generally been an acknowledgement that domain name-based reputations
can align more easily with organizational boundaries, but I had not quite
connected with the fact that IP Addresses are simply less stable.
Don't know about the group, but I personally think that MUAs don't
need this, and would likely misuse it. Filters between the MUA and
MTA do need IPs for reputation lookups, but this specification may
not be the best vehicle.
Could you expand on your concern about misuse?
d/
--
Dave Crocker
Brandenburg InternetWorking
bbiw.net
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html