[ietf-dkim] OT: stupidity (was: bot-nets)
nobody at xyzzy.claranet.de
Thu Jun 26 15:09:34 PDT 2008
Douglas Otis wrote:

> This provider publishes SPF records

What a vague description, do they also publish WKS or MX
records? I trust that this has nothing to do with DKIM.

> the PRA is not restricted.

That could mean that they have no spf2.0/pra (or similar)
policy, or if they have it that there is no chance to get
a FAIL for any sending IP, or if there are FAILing cases,
that some IPs could result in NEUTRAL, for values of some
up to "almost all".

> a recipient of their message might be convinced to process
> perhaps nine macro expanded SPF records evaluating a PRA
> targeting some victim

A policy of an ordinary provider won't "target some victim".
A chain of nine "include:" or "redirect=" records eats up
nine of ten directives permitted to trigger additional DNS
To get any "victim" in this scenario the policy has to use
nine "include:victim.example", which might be an attack or
stupidity. Because your description was about an ordinary
provider "attack" is out, so tell them how to get it right,
with a copy to abuse at victim.example

> The problem that SPF sans Sender-ID hoped to solve is
> more safely handled by adoption of RFC3834.

Actually the problem tackled by RFC 4408, i.e. backscatter,
would defeat the core of 2821bis, RFC 3834, and RFC 5230,
where it is not solved. As nothing else offers a general
solution - ignoring the obsolete reverse routes in STD 10 -
everybody is free to use a crystal ball or SPF to judge an
envelope return address, as the known precondition to make
2821bis and RFC 3834 work as designed.
And I'd wish that one of my providers would at least use a
crystal ball instead of accepting fake bounces allegedly
from postmaster at my.provider.example with ZIPped worms =>
not all rubbish requires SPF, a minimal IQ can also help.

> A reputation service could help make that happen.

In that particular case I fear they'd end up with "it is
from me, I trust me", and continue to dump the worms in my
mailbox. SpamCop always informs me that the open proxies
are known. Stupidity is certainly a major factor wrt mail.
Folks could manage to decorate open proxies with a PASS :-(
But at least any bounces would then hit the stupid party.
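
The lookup budget discussed in the message above (a chain of nine "include:" or "redirect=" terms using nine of the ten DNS-querying terms that RFC 4408 section 10.1 allows per check), as an added example that is not part of the original post: a static worst-case counter a domain owner can run over their own policy. The hop*.example zone, `make_chain`, `parse_terms` and `count_lookups` are constructed for illustration; a real audit would fetch the TXT records from DNS.

```python
import re

LIMIT = 10  # RFC 4408 section 10.1: at most 10 DNS-querying terms per check
LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}
TERM = re.compile(r"^[+\-~?]?([a-z0-9]+)(?:[:=]([^/\s]+))?", re.I)

class PermError(Exception):
    """Raised where an SPF verifier would return PermError."""

def make_chain(n, tail):
    """Constructed sample zone: hop0 includes hop1 ... hop(n-1) includes hop n."""
    zone = {f"hop{i}.example": f"v=spf1 include:hop{i + 1}.example ?all"
            for i in range(n)}
    zone[f"hop{n}.example"] = tail
    return zone

def parse_terms(record):
    """Yield (name, target) for each term after the version tag."""
    for term in record.split()[1:]:
        m = TERM.match(term)
        if m:
            yield m.group(1).lower(), m.group(2)

def count_lookups(domain, zone, used=0, seen=()):
    """Worst-case count of DNS-querying terms reachable from domain."""
    if domain in seen:
        raise PermError(f"include/redirect loop at {domain}")
    record = zone.get(domain, "")
    if record.split()[:1] != ["v=spf1"]:
        raise PermError(f"no SPF record at {domain}")
    for name, target in parse_terms(record):
        if name not in LOOKUP_TERMS:
            continue  # all, ip4, ip6 and exp= do not count against the limit
        used += 1
        if used > LIMIT:
            raise PermError(f"over {LIMIT} DNS-querying terms at {domain}")
        # Macro targets cannot be resolved statically: counted, not followed.
        if name in ("include", "redirect") and target and "%" not in target:
            used = count_lookups(target, zone, used, seen + (domain,))
    return used

if __name__ == "__main__":
    for tail in ("v=spf1 ip4:192.0.2.0/24 -all", "v=spf1 mx -all", "v=spf1 a mx -all"):
        try:
            print(tail, "->", count_lookups("hop0.example", make_chain(9, tail)))
        except PermError as exc:
            print(tail, "-> PermError:", exc)
```

The count is a worst case over every term; a real check stops at the first matching mechanism, so it may use fewer lookups than reported here.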