nanog mailing list archives

Re: Sender authentication & zombies (was Re: Time to check the rate limits on your mail servers)


From: "J.D. Falk" <jdfalk () cybernothing org>
Date: Sun, 6 Feb 2005 09:41:35 -0800


On 02/05/05, Douglas Otis <dotis () mail-abuse org> wrote: 

> On Sat, 2005-02-05 at 19:10, J.D. Falk wrote:
> > On 02/05/05, Douglas Otis <dotis () mail-abuse org> wrote:
> >
> > > DK or IIM makes it clear who is administering the server and this
> > > authentication permits reputation assessment.  Add an account
> > > identifier, and the problem is nailed.
> >
> > Ah, so you're saying that only the reputation of individual
> > e-mail addresses is worth paying attention to?  How do you
> > expect that to scale to billions of messages per day?
>
> Without authenticating an identity, it must not be used in a reputation
> assessment.  Currently this is commonly done by using the remote IP
> address authenticated through the action of transport.  In the name
> space there are two options, the HELO and a validated signature.  DK and
> IIM are attempting to allow the signature solution to scale.

        Heh, you don't need to convince me that DomainKeys is a good
        idea.  I just don't see how you're jumping from the issue of
        end-user authentication (which is not free from zombies, as 
        others have explained already) to domain-level reputation.  
        Where's the link?  If you're talking about adding user-level 
        signatures to something like DomainKeys (which we already have 
        in s/mime), how do you propose to scale that to interact with
        the reputation determination for billions of messages per day?

-- 
J.D. Falk                                          uncertainty is only a virtue
<jdfalk () cybernothing org>                    when you don't know the answer yet

