[spf-discuss] Tracking userids --was: SPF, DKIM, and NIH
2009-10-17 09:06:51
Ian Eiloart wrote:
Without having some kind of worldwide individual identity system, it just
can't be done.
No, we can.
At the university of Sussex, you mean?
What I mean by "spoofed" is that the email was sent from the
account that it claims to be sent from. For gmail, for example, a valid
DKIM signature is enough that I can assign reputation to the purported
author. I don't need a worldwide ID system, I just need to know that the
account that I'm judging is the correct one.
As an admin, I can't just reject all gmail email. I have no choice but
to try to distinguish between good and bad senders. However, I can
assign a default reputation to ESPs like gmail, for previously unseen
users in their domain.
That seems a very clever work to me. I have two very basic questions
about it:
1) How large does your database grow?
2) Do you [think to] publish that data?
Assuming that you reckon senders' reputation based on your users'
complaints, if you forward them (or an anonymized version thereof) to
google, you may be able to track their reactions, if any. Did you ever
[try to] get in touch with google about such results? What percentage
of gmail's users do you think you are tracking?
I'm also curious about possible generalizations. For different
identities of the same user, gmail adds --and signs-- a Sender header.
That's not a universal practice. Some other mail sites may mention the
authenticated id in their Received header. How do you handle those cases?
TIA for expanding this subject
-------------------------------------------
Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
Modify Your Subscription: http://www.listbox.com/member/
[http://www.listbox.com/member/]
Archives: https://www.listbox.com/member/archive/735/=now
RSS Feed: https://www.listbox.com/member/archive/rss/735/
Powered by Listbox: http://www.listbox.com
<Prev in Thread] |
Current Thread |
[Next in Thread>
|
- Re: [spf-discuss] SPF, DKIM, and NIH, (continued)
- Re: [spf-discuss] SPF, DKIM, and NIH, Stuart D. Gathman
- Re: [spf-discuss] SPF, DKIM, and NIH, David MacQuigg
- Re: [spf-discuss] SPF, DKIM, and NIH, Sanford Whiteman
- Re: [spf-discuss] SPF, DKIM, and NIH, Ian Eiloart
- Re: [spf-discuss] SPF, DKIM, and NIH, Ian Eiloart
- Re: [spf-discuss] SPF, DKIM, and NIH, David MacQuigg
- Re: [spf-discuss] SPF, DKIM, and NIH, Ian Eiloart
- Spear Phishing (was: [spf-discuss] SPF, DKIM, and NIH), Steven Dorst
- Re: Spear Phishing (was: [spf-discuss] SPF, DKIM, and NIH), Stuart D. Gathman
- RE: Spear Phishing (was: [spf-discuss] SPF, DKIM, and NIH), Steven Dorst
- [spf-discuss] Tracking userids --was: SPF, DKIM, and NIH,
Alessandro Vesely <=
- Re: [spf-discuss] Tracking userids --was: SPF, DKIM, and NIH, Ian Eiloart
- Re: [spf-discuss] Tracking userids --was: SPF, DKIM, and NIH, Alessandro Vesely
- Re: [spf-discuss] Tracking userids --was: SPF, DKIM, and NIH, Ian Eiloart
- Re: [spf-discuss] Tracking userids --was: SPF, DKIM, and NIH, Alessandro Vesely
- Re: [spf-discuss] Tracking userids --was: SPF, DKIM, and NIH, David MacQuigg
- Re: [spf-discuss] Tracking userids --was: SPF, DKIM, and NIH, Alessandro Vesely
- Re: [spf-discuss] SPF, DKIM, and NIH, Stuart D. Gathman
- Re: [spf-discuss] SPF, DKIM, and NIH, Ian Eiloart
- Re: [spf-discuss] SPF, DKIM, and NIH, Stuart D. Gathman
- Re: [spf-discuss] SPF, DKIM, and NIH, Alessandro Vesely
|
Previous by Date: |
Re: [spf-discuss] SPF, DKIM, and NIH, Hector Santos |
Next by Date: |
[spf-discuss] Several domains, one webserver/mailserver, same IP Address, Jeff |
Previous by Thread: |
RE: Spear Phishing (was: [spf-discuss] SPF, DKIM, and NIH), Steven Dorst |
Next by Thread: |
Re: [spf-discuss] Tracking userids --was: SPF, DKIM, and NIH, Ian Eiloart |
Indexes: |
[Date]
[Thread]
[Top]
[All Lists] |
|
|