[Asrg] domain-based feedback loops (Re: Dictionary Attacks)
J.D. Falk
jdfalk at returnpath.net
Wed Nov 19 12:51:07 PST 2008
On 19/11/2008 11:50, "Ian Eiloart" <iane at sussex.ac.uk> wrote:
> Most feedback loops are IP address based, but I've just read that AOL are
> intending to implement a dkim/domain based feedback loop.
>
> <http://www.returnpath.net/blog/2008/11/aols-plans-for-domain-reputati.php>
I'm glad you found the article interesting.
Yahoo! has had an FBL based on DomainKeys for some years. They were the
first and (until AOL's announcement) only ISP to do so. (I worked there at
the time, and designed it.)
There are four really cool (in my mind) things about DK or DKIM domain-based
feedback:
1. feedback can be routed correctly even if the message was forwarded or
otherwise resent
2. feedback can be routed to different domain owners (or different report
recipient addresses) who send different domains through the same IP or set
of IPs
3. when a domain owner starts sending through new/different IPs, the
feedback follows
4. it encourages use of authentication (always a nice side benefit)
I'll be writing more about this stuff for the returnpath.net blog in the
near future.
More information about the Asrg
mailing list