nanog mailing list archives
Re: Micorsoft's Sender ID Authentication......?
From: Douglas Otis <dotis () mail-abuse org>
Date: Thu, 09 Jun 2005 15:28:19 -0700
On Thu, 2005-06-09 at 13:54 -0700, william(at)elan.net wrote:
On Thu, 9 Jun 2005, Barry Shein wrote:
When somebody else looks at your activity and makes "subjective" judgment (mostly based on multiple reports from users) and then lets this judgment about your activities be available to other users then its reputation.
This judgment of activities should be premised on knowing who is actually accountable for the activity. With either SPF or Sender-ID, this mechanism is just offering server authorization. When the mailbox-domain appears to be supported by server authorization, without also assuming all preceding MTAs ensure exclusive use the specific mailbox-domain, it could be incorrect to conclude the mailbox-domain originated the message. Domain owners are not clearly warned by the respective drafts of this add MTA requirement when reputation is involved. Both drafts suggest the mailbox-domain may subsequently accrue a reputation, when supported by server authorization. The SPF camp elected to drop scoped records, which would have allowed the sender to declare which mailbox-domain has been assured exclusivity. Sender-ID will also use this record to discover authorization for either the Purported Responsible Address (PRA) or the bounce-address. The "opt-out" solution offered by Sender-ID will create problems at some destinations, which means both the PRA and bounce-address require exclusivity at the MTA. Snap goes the Sender-ID reputation license trap. Both schemes demand greater diligence by MTA administrators when mailbox-domain authorization/reputation schemes are implemented, while simultaneously leaving negligent MTA administrators unscathed. While this may seem like great news for the MTA administrator, and bad news for domain owners, it risks litigation. The mailbox-domain owner is otherwise without recourse, when finding their domain blocked. -Doug
Current thread:
- Micorsoft's Sender ID Authentication......? Fergie (Paul Ferguson) (Jun 07)
- Re: Micorsoft's Sender ID Authentication......? Daniel Golding (Jun 07)
- Re: Micorsoft's Sender ID Authentication......? John Levine (Jun 07)
- Re: Micorsoft's Sender ID Authentication......? J.D. Falk (Jun 07)
- Re: Micorsoft's Sender ID Authentication......? Suresh Ramasubramanian (Jun 07)
- Re: Micorsoft's Sender ID Authentication......? Tony Finch (Jun 08)
- Re: Micorsoft's Sender ID Authentication......? Suresh Ramasubramanian (Jun 08)
- Re: Micorsoft's Sender ID Authentication......? John Levine (Jun 07)
- Re: Micorsoft's Sender ID Authentication......? Barry Shein (Jun 09)
- Re: Micorsoft's Sender ID Authentication......? william(at)elan.net (Jun 09)
- Re: Micorsoft's Sender ID Authentication......? Douglas Otis (Jun 09)
- Re: Micorsoft's Sender ID Authentication......? Daniel Golding (Jun 07)
- Re: Micorsoft's Sender ID Authentication......? Stephen Sprunk (Jun 09)
- Re: Micorsoft's Sender ID Authentication......? Matt Ghali (Jun 09)
- Re: Micorsoft's Sender ID Authentication......? Valdis . Kletnieks (Jun 10)
- Economics of SPAM [Was: Micorsoft's Sender ID Authentication......?] Andre Oppermann (Jun 10)
- Re: Economics of SPAM [Was: Micorsoft's Sender ID Authentication......?] Suresh Ramasubramanian (Jun 10)
- Re: Economics of SPAM [Was: Micorsoft's Sender ID Authentication......?] Barry Shein (Jun 11)
- Re: Economics of SPAM [Was: Micorsoft's Sender ID Authentication......?] Steve Sobol (Jun 11)
- Re: Economics of SPAM [Was: Micorsoft's Sender ID Authentication......?] Valdis . Kletnieks (Jun 11)
- Re: Economics of SPAM [Was: Micorsoft's Sender ID Authentication......?] Steve Sobol (Jun 11)
- Re: Economics of SPAM [Was: Micorsoft's Sender ID Authentication......?] william(at)elan.net (Jun 11)