-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Paul Howarth wrote:
| Daniel Taylor wrote:
|
|> As I pointed out, a formal reputation system is not necessary
|> to catch fly-by-nights. New domains will usually be suspect,
|> just as people are reluctant to do critical business with
|> companies that are "too new", and new domains with overly permissive
|> SPF records will probably get blackholed with the rest of the
|> untrusted internet.
|
|
| How does a mail server know the domain is new? It has to do a whois
| lookup. Have you ever tried parsing arbitrary whois data? Have you ever
| tried requesting hundreds of whois lookups from the same IP in one day?
| If you have, you probably found that your IP got blocked by the owner of
| the whois server.
|
| A reputation scheme will require a whole new infrastructure, and someone
| will have to pay for it. And everyone will have to trust it...
|
As Mr. Gardner pointed out, greylisting is sufficient, i.e. "it's new to
me",
and overly permissive SPF records are self-evident.
I am not arguing the obvious risks of public criminal behaviour
as he has made that point quite to my satisfaction already.
- --
Daniel Taylor VP Operations Vocal Laboratories, Inc.
dtaylor(_at_)vocalabs(_dot_)com http://www.vocalabs.com/
(952)941-6580x203
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Debian - http://enigmail.mozdev.org
iD8DBQFBAUt38/QSptFdBtURAnAUAJsH/2UE1SzP9aehdaOm3aBXwgLbrgCbBDH3
sHEOi2bG0X5J/5DhBmM9xh4=
=Srlu
-----END PGP SIGNATURE-----