On 9/27/23 13:36, Brotman, Alex wrote:
> I've attached a draft that uses attributes of a passing DKIM
> signature to create a DNS label that can be used to discover an FBL
> address. This feedback address can be used by message receivers to
> provide a copy of FN (and potentially FP) (Spam/Not-Spam) reports to
> the DKIM signers. This allows for entities to perhaps sign with more
> than one signature, and provide feedback to each signer if desired
> (or each can list multiple rcpts if desired). With traditional FBLs,
> the lookup is likely based off the final sender IP address, which
> could be the original sender, or an intermediary. This DKIM-based
> method could aid both MBPs and ESPs in fighting outbound abuse from
> their platforms. There are also methods in the document to attempt
> to do more to make reports smaller, aiding storage and PII concerns.
>
> Thanks for your time and feedback.

I'm not clear why DKIM selectors (s=) would be involved in the DNS name
generation. There are people who change the selector for each message. In
general, selectors play no role in identification and are solely used
for key rotation. I guess your spec derives from seeing per-campaign
selectors, but I doubt it is a common habit. I'd suggest using
subdomains for such a purpose.

For a nit, consider the term "reporter" in the last paragraph of the
introduction:

   By allowing reporters to discover the destination on their own, this
   should make getting FBLs to the original DKIM signer(s) easier.

As you hold that FBLs are reports from users to their MBPs, which only
in some situations are forwarded to the original sender, the term may
sound ambiguous. I'd suggest "reporting MBPs" instead.

For discussion, it'd be interesting to analyze similarities and
differences with List-Unsubscribe:, for FNs. How would an MBP decide
whether to make use of one, the other, or both methods to signal its
user's reaction?

Best
Ale
--
_______________________________________________
Ietf-dkim mailing list
https://www.ietf.org/mailman/listinfo/ietf-dkim