[mail-vet-discuss] More A-R bits...

Douglas Otis dotis at mail-abuse.org
Fri Apr 2 11:58:17 PDT 2010


On 4/2/10 1:27 AM, Alessandro Vesely wrote:
> On 24/Mar/10 21:10, Murray S. Kucherawy wrote:
>    
>> [...] and is partly an offshoot from a larger issue that will probably need its own working group;
>>      
> Did you ever mention what that larger issue consists of? If you did, I
> missed it...
>
> I'd annotate a few additional minor issues here, which may eventually
> be addressed in that WG you mention, or in a marf recharter:
>
> * DKIM-Reputation. I currently get
>
>     Authentication-Results: wmail.tana.it;
>       dkim=pass header.i=@mipassoc.org;
>       x-dkim-rep=neutral (-100 from al.dkim-reputation.org)
>                                     header.d=mipassoc.org
>
> Standardizing this method will allow removing the "x-". Presumably,
> "al.dkim-reputation.org" should live in a "host=" sub-field rather
> than inside a comment.
>
> * Ditto for ADSP.
>
> * "Report" and "Reported" as IMAP keywords for requesting to send an
> abuse report and, respectively, flagging that as done --OT here.
>
> * "Report-To" (or "Reportable", or "Abuse-Report-To") as an additional
> Authentication-Result method whereby the MTA responsible for receiving
> the message conveys that, based on other methods and any additional
> knowledge internal to the MTA, that host will accept an ARF for this
> message. The syntax may be something like
>
>     Authentication-Results: resp-mta.example.com;
>       report-to: abuse;
>
> to mean <abuse at resp-mta.example.com>, which would be assumed by
> default in case resp-mta.example.com is an SMTP host (MX/A/AAAA).
> Variations?
>    
Since DKIM is designed to allow signature replay, the IP address seen by 
the border MTA might be needed to squelch messages abusively being 
replayed beyond the control of the signing domain.  A reputation 
response needs to suppress problems while causing minimal disruption.  
To best achieve this, the location of the IP address seen by the border 
MTA should be standardized to better enable centralized assessments.

Correcting abuse will need to determine whether the issue is with the 
signing domain or the sending IP address.  It could invite replay abuse 
by assuming all large ISPs will have their signatures white-listed.  
When abused, this would erode the value of using DKIM reputation.

-Doug
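
The Authentication-Results header quoted above, run through a small parser to show that the reputation score and its source are only recoverable by scraping the comment, while header.d is a proper property. This is an added example, not part of the original message; the function names are hypothetical, the "score from host" comment layout is inferred from the single header quoted above, and the set of trusted authserv-ids is an assumption.

```python
import re

# Header from the message above, unfolded onto one line.
SAMPLE = ("wmail.tana.it; dkim=pass header.i=@mipassoc.org; "
          "x-dkim-rep=neutral (-100 from al.dkim-reputation.org) "
          "header.d=mipassoc.org")

COMMENT = re.compile(r"\(([^()]*)\)")                    # non-nested comments only
RESULT = re.compile(r"([\w-]+)\s*=\s*([\w-]+)")          # method=result
PROP = re.compile(r"([\w-]+)\.([\w-]+)\s*=\s*(\S+)")     # ptype.property=value

def split_resinfo(value):
    """Split on ';' outside comments so a ';' inside (...) stays in place."""
    parts, cur, depth = [], [], 0
    for ch in value:
        if ch == "(":
            depth += 1
        elif ch == ")" and depth:
            depth -= 1
        if ch == ";" and depth == 0:
            parts.append("".join(cur).strip())
            cur = []
        else:
            cur.append(ch)
    parts.append("".join(cur).strip())
    return [p for p in parts if p]

def parse_authres(value):
    """Return (authserv-id, [result dicts]) for one header value."""
    authserv_id, *resinfos = split_resinfo(value) or [""]
    results = []
    for r in resinfos:
        bare = COMMENT.sub(" ", r).strip()
        m = RESULT.match(bare)
        if m:
            props = {f"{t}.{p}": v for t, p, v in PROP.findall(bare)}
            results.append({"method": m.group(1), "result": m.group(2),
                            "props": props, "comments": COMMENT.findall(r)})
    return authserv_id, results

def reputation_source(res):
    """Scrape (score, source host) from the free-form comment, if present."""
    for c in res["comments"]:
        m = re.fullmatch(r"\s*(-?\d+) from (\S+)\s*", c)
        if m:
            return int(m.group(1)), m.group(2)
    return None

def trusted_results(value, trusted_ids):
    """Ignore results stamped by an authserv-id we do not operate."""
    authserv_id, results = parse_authres(value)
    return results if authserv_id.lower() in trusted_ids else []
```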

