On 4/2/10 1:27 AM, Alessandro Vesely wrote:
On 24/Mar/10 21:10, Murray S. Kucherawy wrote:
[...] and is partly an offshoot from a larger issue that will probably need
its own working group;

Did you ever mention what that larger issue consists of? If you did, I
missed it...
I'd annotate a few additional minor issues here, which may eventually
be addressed in that WG you mention, or in a marf recharter:
* DKIM-Reputation. I currently get
Authentication-Results: wmail.tana.it;
  dkim=pass header.i=@mipassoc.org;
  x-dkim-rep=neutral (-100 from al.dkim-reputation.org)
  header.d=mipassoc.org
Standardizing this method will allow removing the "x-". Presumably,
"al.dkim-reputation.org" should live in a "host=" sub-field rather
than inside a comment.
* Ditto for ADSP.
* "Report" and "Reported" as IMAP keywords for requesting to send an
abuse report and, respectively, flagging that as done --OT here.
* "Report-To" (or "Reportable", or "Abuse-Report-To") as an additional
Authentication-Result method whereby the MTA responsible for receiving
the message conveys that, based on other methods and any additional
knowledge internal to the MTA, that host will accept an ARF for this
message. The syntax may be something like
Authentication-Results: resp-mta.example.com;
  report-to: abuse;
to mean <abuse@resp-mta.example.com>, which would be assumed by
default in case resp-mta.example.com is an SMTP host (MX/A/AAAA).
Variations?

Since DKIM is designed to allow signature replay, the IP address seen by
the border MTA might be needed to squelch messages abusively being
replayed beyond the control of the signing domain. A reputation
response needs to suppress problems while causing minimal disruption.
To best achieve this, the location of the IP address seen by the border
MTA should be standardized to better enable centralized assessments.
Correcting abuse will need to determine whether the issue is with the
signing domain or the sending IP address. It could invite replay abuse
by assuming all large ISPs will have their signatures white-listed.
When abused, this would erode the value of using DKIM reputation.
-Doug
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
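
An added example, not part of the thread or any participant's code: a sketch of the domain-versus-IP attribution discussed in the reply above, run over constructed Authentication-Results headers. It assumes the border MTA records the client IP in the iprev method's `policy.iprev` property; the complaint flags, the 0.5 threshold and the function names are illustrative assumptions.

```python
import re
from collections import defaultdict

def parse_authres(header):
    """Return (signing domain, border IP) when dkim=pass, else None."""
    header = re.sub(r"\([^)]*\)", "", header)       # drop (comments)
    props = {}
    for resinfo in header.split(";")[1:]:           # [0] is the authserv-id
        for token in resinfo.split():
            key, _, value = token.partition("=")
            props[key] = value
    if props.get("dkim") != "pass":
        return None
    # Assumption: the border MTA records the client IP as policy.iprev.
    return props.get("header.d"), props.get("policy.iprev")

def attribute_abuse(samples, threshold=0.5):
    """Map each signing domain to ('clean' | 'ip' | 'domain', offending IPs)."""
    stats = defaultdict(lambda: defaultdict(lambda: [0, 0]))  # [msgs, complaints]
    for header, complained in samples:
        parsed = parse_authres(header)
        if parsed is None or None in parsed:
            continue                                # failed signature or no IP
        domain, ip = parsed
        stats[domain][ip][0] += 1
        stats[domain][ip][1] += int(complained)
    verdicts = {}
    for domain, ips in stats.items():
        bad = sorted(ip for ip, (n, c) in ips.items() if c / n >= threshold)
        if not bad:
            verdicts[domain] = ("clean", [])
        elif len(bad) == len(ips):                  # every source draws complaints
            verdicts[domain] = ("domain", bad)
        else:                                       # only some sources: likely replay
            verdicts[domain] = ("ip", bad)
    return verdicts

def _hdr(domain, ip, result="pass"):
    return (f"Authentication-Results: mx.example.net; dkim={result} (constructed) "
            f"header.d={domain}; iprev=pass policy.iprev={ip}")

# Constructed sample: (header, whether an abuse complaint followed)
SAMPLES = ([(_hdr("bigisp.example", "192.0.2.10"), False)] * 3
           + [(_hdr("bigisp.example", "203.0.113.77"), True)] * 3
           + [(_hdr("bulk.example", "198.51.100.5"), True)] * 2
           + [(_hdr("bulk.example", "198.51.100.6"), True)] * 2
           + [(_hdr("bigisp.example", "203.0.113.77", "fail"), True)])

if __name__ == "__main__":
    for domain, verdict in sorted(attribute_abuse(SAMPLES).items()):
        print(domain, verdict)
```

A domain whose complaints come from only some of its observed source IPs is attributed to those IPs, so a reputation response can act on them without penalizing the signing domain.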