,---
| 2.3.2. Within Claimed Originator's Administrative Unit
|
| ... Since the submission of
| messages in this area generally occurs prior to the application of a
| message signature, DKIM is not directly effective against these bad
| actors. Defense against these bad actors is dependent upon other
| means, such as proper use of firewalls, and mail submission agents
| that are configured to authenticate the sender.
'---

While currently DKIM does not offer a standardized means to both track and immediately revoke abuse emanating from the originating domain, abuse of this nature represents a substantial portion of the abuse problem. The dkim-options draft illustrates mechanisms comprised of persistent Opaque-IDs and revocation records. By using a persistent O-ID, the AdmD source of abuse can be tracked and readily reported by third parties. Resolution of the abuse is also made apparent by use of the revocation record. This scheme neither exposes nor depends upon an email-address.

http://www.ietf.org/internet-drafts/draft-otis-dkim-options-00.txt

Should be:

: Although the submission of messages may be prior to the application
: of a message signature, submissions are commonly authenticated
: internally within the AdmD by mail submission agents. By including
: a persistent identifier within the signature, a substantial source
: for email abuse can be abated with the use of DKIM. The identifier
: itself can be block-listed by the sending domain immediately
: without requiring the expiry of a key TTL. Defense against bad
: actors is also improved with the proper use of firewalls and OS
: maintenance.

_______________________________________________
ietf-dkim mailing list
http://dkim.org
