> I thought about putting the "I want ARF reports" information in the > email or in the DNS. > > If it is solely in the DNS, then for every DKIM message, you have to > query the DNS, to check if the signing domain wants ARF reports. I > suspect most will not want them, or know what's that. This process may > commit uneccessary resources. I feel important to state in the email > that the signer wants an ARF report, and that the DNS could be used to > verify that statment. > Not for every signed message. Only for every signed report. Report generators have to query DNS to send the report anyway.
We currently send reports to over 80k domains. I would wager that the domains who currently sign are a subset of those (spammer domains included), but if someone actually wants me to dig around to prove it I suppose I can. Going forward, domains that care enough to sign their mail will care enough to want abuse reports. > On privacy issues, some ARF processors strip the report from any > potential user identification, To: Message ID, email in the content > etc... That's to protect the privacy of the reporter, not the privacy of the message author. You would be surprised how many folks on shared IP addresses try to get an FBL for the entire IP address instead of just their domain. DKIM based FBLs should clear up that specific issue, but I'm sure there will be some new 'gotcha'. _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
