Re: [spf-discuss] Tracking userids --was: SPF, DKIM, and NIH
2009-10-19 05:36:43
--On 17 October 2009 15:06:11 +0200 Alessandro Vesely <vesely(_at_)tana(_dot_)it>
wrote:
Ian Eiloart wrote:
Without having some kind of worldwide individual identity system, it
just can't be done.
No, we can.
At the university of Sussex, you mean?
I'm not talking about what we do at Sussex, I'm talking about what I'd like
to see in future. It's possible that it could provide some benefit now, but
the benefit would increase as SPF and DKIM become more widely deployed.
I mean that you don't need a comprehensive worldwide individual identity
system in order to assign reputation to email sender addresses. What you
need to do is (a) verify the sender address domain with DKIM or SPF, and
(b) make reasonable assumptions about the operation of the domain.
I think it's reasonable to assume that a domain operator won't permit one
user to spoof another user's sender address. If that's untrue, then the
domain's users and managers will need to sort out any negative
consequences.
What I mean by "spoofed" is that the email was sent from the
account that it claims to be sent from. For gmail, for example, a valid
DKIM signature is enough that I can assign reputation to the purported
author. I don't need a worldwide ID system, I just need to know that the
account that I'm judging is the correct one.
As an admin, I can't just reject all gmail email. I have no choice but
to try to distinguish between good and bad senders. However, I can
assign a default reputation to ESPs like gmail, for previously unseen
users in their domain.
That seems a very clever work to me. I have two very basic questions
about it:
1) How large does your database grow?
Probably not as large as the IPv6 address space. Probably not as large as
the indexes on my mailstore.
2) Do you [think to] publish that data?
Yep. I imagine that sender reputation services will become as widespread as
IP reputation services. Maybe that's what you mean by a "worldwide
individual identity system"? In which case, the answer is yes. However, it
may only be necessary to publish individual addresses with scores that
differ greatly from the domain default; known spammers or well behaved bulk
senders.
Assuming that you reckon senders' reputation based on your users'
complaints, if you forward them (or an anonymized version thereof) to
google, you may be able to track their reactions, if any. Did you ever
[try to] get in touch with google about such results? What percentage of
gmail's users do you think you are tracking?
I'm also curious about possible generalizations. For different identities
of the same user, gmail adds --and signs-- a Sender header. That's not a
universal practice. Some other mail sites may mention the authenticated
id in their Received header. How do you handle those cases?
TIA for expanding this subject
-------------------------------------------
Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
Modify Your Subscription: http://www.listbox.com/member/
[http://www.listbox.com/member/]
Archives: https://www.listbox.com/member/archive/735/=now
RSS Feed: https://www.listbox.com/member/archive/rss/735/
Powered by Listbox: http://www.listbox.com
--
Ian Eiloart
IT Services, University of Sussex
01273-873148 x3148
For new support requests, see http://www.sussex.ac.uk/its/help/
-------------------------------------------
Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
Modify Your Subscription: http://www.listbox.com/member/
[http://www.listbox.com/member/]
Archives: https://www.listbox.com/member/archive/735/=now
RSS Feed: https://www.listbox.com/member/archive/rss/735/
Powered by Listbox: http://www.listbox.com
<Prev in Thread] |
Current Thread |
[Next in Thread>
|
- Re: [spf-discuss] SPF, DKIM, and NIH, (continued)
- Re: [spf-discuss] SPF, DKIM, and NIH, Ian Eiloart
- Re: [spf-discuss] SPF, DKIM, and NIH, David MacQuigg
- Re: [spf-discuss] SPF, DKIM, and NIH, Ian Eiloart
- Spear Phishing (was: [spf-discuss] SPF, DKIM, and NIH), Steven Dorst
- Re: Spear Phishing (was: [spf-discuss] SPF, DKIM, and NIH), Stuart D. Gathman
- RE: Spear Phishing (was: [spf-discuss] SPF, DKIM, and NIH), Steven Dorst
- [spf-discuss] Tracking userids --was: SPF, DKIM, and NIH, Alessandro Vesely
- Re: [spf-discuss] Tracking userids --was: SPF, DKIM, and NIH,
Ian Eiloart <=
- Re: [spf-discuss] Tracking userids --was: SPF, DKIM, and NIH, Alessandro Vesely
- Re: [spf-discuss] Tracking userids --was: SPF, DKIM, and NIH, Ian Eiloart
- Re: [spf-discuss] Tracking userids --was: SPF, DKIM, and NIH, Alessandro Vesely
- Re: [spf-discuss] Tracking userids --was: SPF, DKIM, and NIH, David MacQuigg
- Re: [spf-discuss] Tracking userids --was: SPF, DKIM, and NIH, Alessandro Vesely
- Re: [spf-discuss] SPF, DKIM, and NIH, Stuart D. Gathman
- Re: [spf-discuss] SPF, DKIM, and NIH, Ian Eiloart
- Re: [spf-discuss] SPF, DKIM, and NIH, Stuart D. Gathman
- Re: [spf-discuss] SPF, DKIM, and NIH, Alessandro Vesely
Re: [spf-discuss] SPF, DKIM, and NIH, Scott Kitterman
|
Previous by Date: |
Re: [spf-discuss] SPF, DKIM, and NIH, Ian Eiloart |
Next by Date: |
Re: [spf-discuss] Tracking userids --was: SPF, DKIM, and NIH, Alessandro Vesely |
Previous by Thread: |
[spf-discuss] Tracking userids --was: SPF, DKIM, and NIH, Alessandro Vesely |
Next by Thread: |
Re: [spf-discuss] Tracking userids --was: SPF, DKIM, and NIH, Alessandro Vesely |
Indexes: |
[Date]
[Thread]
[Top]
[All Lists] |
|
|