Douglas Otis wrote:
When this header is used to establish message annotations, listing a
compromised system by IP address for an extended period offers a means
to help ensure annotations are withheld. Such a listing by the IP
address would be less disruptive than when done by the domain. When
done by the domain, all messages will be prevented. When done by the
IP address, only those from the listed compromised system are
affected. In addition, IP addresses that are dynamically assigned are
also often persistently listed as such, and are seldom used to send
email.
Why is execution of an IP-based DNSBL at the border MTA not an adequate
solution to this problem? That's the solution consistent with this draft.
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html