Florian Sager wrote:
> http://www.mipassoc.org/arf/specs/draft-shafranovich-feedback-report-02.html#rfc.section.4
> claims that the original email has to be contained (with rather few
> modifications). Unfortunately any information sent back to the signing
> authority (that should be linked to the reporting address) can be used
> to detect the spamtraps (even the subject, the DKIM identity or the
> date contained in the first section of the ARF report could be
> correlated to a spam trap address).
>
> Any ideas how to handle this? I guess "give no feedback" is the
> unsatisfying solution.

The report doesn't reveal whether that address is a spamtrap, an end user, a role account, or even whether or not that address would ever accept any non-spam message. Or, to stay related to this proposal, it doesn't reveal whether or not that address would ever accept a message which passed DKIM verification.

(Some ARF report generators have chosen to redact the recipient address. This is technically a violation of the spec, but they do it anyway and it's pretty clear that nobody's going to talk their lawyers out of it.)

--
J.D. Falk
Receiver Products
Return Path
_______________________________________________
NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
