|
Re: [spf-discuss] Tracking userids --was: SPF, DKIM, and NIH
2009-10-19 08:09:59
Ian Eiloart wrote:
I'm not talking about what we do at Sussex[...]
Ooops, I misunderstood your words :-(
I mean that you don't need a comprehensive worldwide individual identity
system in order to assign reputation to email sender addresses. What you
need to do is (a) verify the sender address domain with DKIM or SPF, and
(b) make reasonable assumptions about the operation of the domain.
Agreed.
I think it's reasonable to assume that a domain operator won't permit
one user to spoof another user's sender address. If that's untrue, then
the domain's users and managers will need to sort out any negative
consequences.
The point is how well it's possible to either corroborate or dispute
such an assumption based on statistical evidence. That assumption is
not reasonable in general, a policy statement and some other knowledge
about the domain are needed.
2) Do you [think to] publish that data?
Yep. I imagine that sender reputation services will become as widespread
as IP reputation services. Maybe that's what you mean by a "worldwide
individual identity system"? In which case, the answer is yes. However,
it may only be necessary to publish individual addresses with scores
that differ greatly from the domain default; known spammers or well
behaved bulk senders.
If the domain cooperates, they would take steps so as to stop those
[ab]users. In such case, while publishing all the data may still be
useful for checking the veracity of your activity, only your word
about the domain's cooperation is strictly necessary. I'd call such
activity vouching for that domain, in rfc5518's sense.
-------------------------------------------
Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
Modify Your Subscription: http://www.listbox.com/member/
[http://www.listbox.com/member/]
Archives: https://www.listbox.com/member/archive/735/=now
RSS Feed: https://www.listbox.com/member/archive/rss/735/
Powered by Listbox: http://www.listbox.com
| <Prev in Thread] |
Current Thread |
[Next in Thread>
|
- Re: [spf-discuss] SPF, DKIM, and NIH, (continued)
- Re: [spf-discuss] SPF, DKIM, and NIH, Ian Eiloart
- Re: [spf-discuss] SPF, DKIM, and NIH, David MacQuigg
- Re: [spf-discuss] SPF, DKIM, and NIH, Ian Eiloart
- Spear Phishing (was: [spf-discuss] SPF, DKIM, and NIH), Steven Dorst
- Re: Spear Phishing (was: [spf-discuss] SPF, DKIM, and NIH), Stuart D. Gathman
- RE: Spear Phishing (was: [spf-discuss] SPF, DKIM, and NIH), Steven Dorst
- [spf-discuss] Tracking userids --was: SPF, DKIM, and NIH, Alessandro Vesely
- Re: [spf-discuss] Tracking userids --was: SPF, DKIM, and NIH, Ian Eiloart
- Re: [spf-discuss] Tracking userids --was: SPF, DKIM, and NIH,
Alessandro Vesely <=
- Re: [spf-discuss] Tracking userids --was: SPF, DKIM, and NIH, Ian Eiloart
- Re: [spf-discuss] Tracking userids --was: SPF, DKIM, and NIH, Alessandro Vesely
- Re: [spf-discuss] Tracking userids --was: SPF, DKIM, and NIH, David MacQuigg
- Re: [spf-discuss] Tracking userids --was: SPF, DKIM, and NIH, Alessandro Vesely
- Re: [spf-discuss] SPF, DKIM, and NIH, Stuart D. Gathman
- Re: [spf-discuss] SPF, DKIM, and NIH, Ian Eiloart
- Re: [spf-discuss] SPF, DKIM, and NIH, Stuart D. Gathman
- Re: [spf-discuss] SPF, DKIM, and NIH, Alessandro Vesely
Re: [spf-discuss] SPF, DKIM, and NIH, Scott Kitterman
|
| Previous by Date: |
Re: [spf-discuss] Tracking userids --was: SPF, DKIM, and NIH, Ian Eiloart |
| Next by Date: |
Re: [spf-discuss] Tracking userids --was: SPF, DKIM, and NIH, Ian Eiloart |
| Previous by Thread: |
Re: [spf-discuss] Tracking userids --was: SPF, DKIM, and NIH, Ian Eiloart |
| Next by Thread: |
Re: [spf-discuss] Tracking userids --was: SPF, DKIM, and NIH, Ian Eiloart |
| Indexes: |
[Date]
[Thread]
[Top]
[All Lists] |
|
|