[Asrg] where the message originated (was: DKIM role?)
Ian Eiloart
iane at sussex.ac.uk
Mon Jan 12 02:29:26 PST 2009
--On 9 January 2009 09:44:11 -0800 Douglas Otis <dotis at mail-abuse.org>
wrote:
>
> On Jan 8, 2009, at 12:43 PM, SM wrote:
>
>> At 12:10 08-01-2009, Douglas Otis wrote:
>>> There are methods that can be used to limit risks related to
>>> whitelisting domains. Often these involve capturing prior
>>> conversations and noting where the message originated. The
>>> locations might then be expanded to CIDRs, routes, or acquired
>>> address lists.
>>
>> Is it that important to note where the message originated? Although
>> the where is commonly used as input for lack of a better reference
>> point, it can be a problem when renumbering a network or for mobility.
>
> White-listing based upon a domain would be dangerous without also
> including the IP address of the SMTP client and message tracking. There
> are companies currently providing this service, particularly needed where
> spam remains largely unmanaged.
>
Absolutely. That's the point of SPF and DKIM. The reason that I don't
whitelist sender domains or addresses is that they're so easy to forge at
the moment. With deployment of SPF and DKIM, there are domains that I'd be
willing to whitelist given either a good SPF or DKIM match. In fact, there
are top level domains like .edu, .gov, .ac.uk, .gov.uk, .sch.uk, .coop, and
so on that I'd be prepared to conditionally whitelist because the
registration process is tougher - though I might find myself making
exceptions if certain subdomains didn't behave reasonably.
--
Ian Eiloart
IT Services, University of Sussex
x3148
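
The conditional whitelisting described in the message above, sketched as an added example that is not part of the original post: a sender domain is whitelisted only when it falls under one of the listed suffixes, is not on an exception list, and the receiver's own MTA recorded an SPF or DKIM pass for that exact domain. It assumes the verifying MTA writes its results into an Authentication-Results header; `MY_AUTHSERV_ID`, the exception entry, the function names and the sample values are all constructed for illustration.

```python
import re

# Suffixes named in the message above; the exception entry is a constructed placeholder.
TRUSTED_SUFFIXES = (".edu", ".gov", ".ac.uk", ".gov.uk", ".sch.uk", ".coop")
EXCEPTIONS = {"badlab.example.edu"}   # hypothetical subdomain that "didn't behave"
MY_AUTHSERV_ID = "mx.example.net"     # hypothetical id of our own verifying MTA

def parse_auth_results(value):
    """Split an Authentication-Results value into (authserv_id, [(method, result, domain)]).

    Simplified: assumes no ';' inside comments and reads only spf/dkim clauses.
    """
    parts = value.split(";")
    tokens = parts[0].split()
    authserv_id = tokens[0].lower() if tokens else ""
    results = []
    for clause in parts[1:]:
        m = re.match(r"\s*(spf|dkim)\s*=\s*(\w+)", clause, re.I)
        d = re.search(r"(?:smtp\.mailfrom|header\.d|header\.i)\s*=\s*(\S+)", clause, re.I)
        if m and d:
            # Reduce an address or "@domain" identity to its bare domain.
            domain = d.group(1).rsplit("@", 1)[-1].lower().rstrip(".")
            results.append((m.group(1).lower(), m.group(2).lower(), domain))
    return authserv_id, results

def conditionally_whitelisted(from_domain, auth_results_value):
    """True only if the sender domain is under a trusted suffix, is not an
    exception, and our own MTA recorded an SPF or DKIM pass for that exact domain."""
    from_domain = from_domain.lower().rstrip(".")
    if not from_domain.endswith(TRUSTED_SUFFIXES):
        return False
    if any(from_domain == e or from_domain.endswith("." + e) for e in EXCEPTIONS):
        return False
    authserv_id, results = parse_auth_results(auth_results_value)
    if authserv_id != MY_AUTHSERV_ID:   # header not written by our MTA: ignore it
        return False
    return any(res == "pass" and dom == from_domain for _, res, dom in results)

# Constructed sample header value (not taken from real mail).
SAMPLE = "mx.example.net; spf=pass smtp.mailfrom=user@dept.example.ac.uk; dkim=none"

if __name__ == "__main__":
    print(conditionally_whitelisted("dept.example.ac.uk", SAMPLE))
```

A header carrying any other authserv-id is ignored because a sender can insert its own Authentication-Results line; the receiving MTA should also strip inbound copies that claim its id.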