[ietf-dkim] identity vs domain, battles of years past, and bot-nets.

[J.D. Falk]

On 10/07/2008 13:10, "Douglas Otis" <dotis at mail-abuse.org> wrote:

> Over DKIM's development span, bot-net behaviours have changed and are
> becoming more stealthy.  Much of this change may be in reaction to
> greater proportions of IP address space being blocked.  As a result,
> an increasing proportion of bot-net originated spam is sent through an
> ISP's outbound server by exploiting accounts obtained from bot-net
> 0wned customer's machines, rather than directly from the 0wned
> machine.  Unfortunately, ADSP's current Author Signature definition
> depends upon the ISP either affirming the identity of the Author or
> leaving the "on-behalf-of" identity blank and ambiguous. This is a
> tragedy.

It's only a tragedy if your only goal is to easily catch botnet-sourced
spam.  That may be a goal for Trend Micro, and it's been a goal of mine, but
I'm pretty sure it's never been a goal for DKIM.

The access method classification assertions you suggested (which I didn't
quote) don't need to be part of DKIM, because they'll be equally valid and
equally useful for non-DKIM-signed mail.  If you're going to pursue this,
I'd strongly urge you to do it as a separate, standalone project.  DKIM can
make that project stronger, and that project may make DKIM useful in more
areas, but neither goal requires the other to succeed.

-- 
J.D. Falk
Return Path

Work with me!
http://www.returnpath.net/careers/