[Asrg] where the message originated (was: DKIM role?)
Douglas Otis
dotis at mail-abuse.org
Fri Jan 9 09:44:11 PST 2009
On Jan 8, 2009, at 12:43 PM, SM wrote:
> At 12:10 08-01-2009, Douglas Otis wrote:
>> There are methods that can be used to limit risks related to
>> whitelisting domains. Often these involve capturing prior
>> conversations and noting where the message originated. The
>> locations might then be expanded to CIDRs, routes, or acquired
>> address lists.
>
> Is it that important to note where the message originated? Although
> the where is commonly used as input for lack of a better reference
> point, it can be a problem when renumbering a network or for mobility.
White-listing based upon a domain would be dangerous without also
including the IP address of the SMTP client and message tracking.
There are companies currently providing this service, particularly
needed where spam remains largely unmanaged.
> Did this message reach you because:
>
> 1. it came from the irtf.org domain
>
> 2. it came from the ASRG email address
>
> 3. it came from an IP address associated with 1 or 2
>
> 4. it came from a CIDR block you view as "safe"
The algorithm can remain oblivious to who owns the SMTP client. It
determines whether a conversation was observed, while also allowing
also users to submit corrections.
A reduction in the false positive detection of spam is achieved
through conversation tracking. Some exceptions are needed to
accommodate one-way traffic, which often represents transactional
notifications. There are services doing this today by using two tiers
of information.
-Doug
More information about the Asrg
mailing list