Re: [spf-discuss] SPF, DKIM, and NIH
2009-10-11 05:56:08
Michael Deutschmann wrote:
On Tue, 6 Oct 2009, Stuart D. Gathman wrote:
(regarding a DKIM flag for SPF)
This can't be verified until the entire message is received.
If you know there are no incoming traditional forwards, you can still
reject SPF-fail messages at RCPT TO, as before.
This would just give cautious admins who would otherwise resort to Crap
Receiverside mitigation (ie: treat fail as neutral), a way to give
potentially forwarded mails a second chance, without letting through any
messages the purported sender disapproves of.
I believe it is possible to reject as soon as you see the DKIM-Signature
header, but the problem will be the same as SPF - too many legitimate
messages still have crap authentication. Yet another chicken-and-egg
situation.
In this message:
Authentication-Results: mta399.mail.re4.yahoo.com
from=talamasca.ocis.net; domainkeys=fail (bad sig);
from=talamasca.ocis.net; dkim=neutral (no sig)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=2006-04-29;
d=talamasca.ocis.net;
b=sz+JhrXN7SDhsoGpgbaWnaAbsGY4yeCKiEuape/zVe8lsmTxYMQpjM5H37EZCvjY;
As to "NIH", it is not so much that as hoping "traditional" forwarding will
become inconvenient enough to die away like open relays.
To some, the end of traditional forwarding has been just over the horizon
ever since SRS was proposed. Meanwhile, this attitude has permanently
damaged SPFv1 by inspiring the use of Crap Senderside mitigation (ie:
never use "-all").
Last I heard 3% of SPF records ended in "-all", and 0% of forwarders are
using SRS. Has there been any change in the last year?
-- Dave
-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Modify Your Subscription: http://www.listbox.com/member/
Archives: https://www.listbox.com/member/archive/735/=now
RSS Feed: https://www.listbox.com/member/archive/rss/735/
Powered by Listbox: http://www.listbox.com
<Prev in Thread] |
Current Thread |
[Next in Thread>
|
- [spf-discuss] SPF, DKIM, and NIH, Michael Deutschmann
- Re: [spf-discuss] SPF, DKIM, and NIH, Stuart D. Gathman
- Re: [spf-discuss] SPF, DKIM, and NIH, Alessandro Vesely
- Re: [spf-discuss] SPF, DKIM, and NIH, Michael Deutschmann
- Re: [spf-discuss] SPF, DKIM, and NIH,
David MacQuigg <=
- Re: [spf-discuss] SPF, DKIM, and NIH, Michael Deutschmann
- Re: [spf-discuss] SPF, DKIM, and NIH, Scott Kitterman
- Re: [spf-discuss] SPF, DKIM, and NIH, Michael Deutschmann
- Re: [spf-discuss] SPF, DKIM, and NIH, Scott Kitterman
- Re: [spf-discuss] SPF, DKIM, and NIH, Michael Deutschmann
- Re: [spf-discuss] SPF, DKIM, and NIH, Alessandro Vesely
- Re: [spf-discuss] SPF, DKIM, and NIH, Michael Deutschmann
- Re: [spf-discuss] SPF, DKIM, and NIH, Scott Kitterman
- Re: [spf-discuss] SPF, DKIM, and NIH, Michael Deutschmann
- Re: [spf-discuss] SPF, DKIM, and NIH, Scott Kitterman
|
Previous by Date: |
[spf-discuss] SPF Mail Summary Report, spf-discuss |
Next by Date: |
Re: [spf-discuss] SPF, DKIM, and NIH, Michael Deutschmann |
Previous by Thread: |
Re: [spf-discuss] SPF, DKIM, and NIH, Michael Deutschmann |
Next by Thread: |
Re: [spf-discuss] SPF, DKIM, and NIH, Michael Deutschmann |
Indexes: |
[Date]
[Thread]
[Top]
[All Lists] |
|
|