----- "Michael Adkins" <[email protected]> wrote: > > > I thought about putting the "I want ARF reports" information in the > > email or in the DNS. > > > > If it is solely in the DNS, then for every DKIM message, you have to > > query the DNS, to check if the signing domain wants ARF reports. I > > suspect most will not want them, or know what's that. This process may > > commit uneccessary resources. I feel important to state in the email > > that the signer wants an ARF report, and that the DNS could be used to > > verify that statment. > > > Not for every signed message. Only for every signed report. Report > generators have to query DNS to send the report anyway.
What I'm trying to asses is do you query the DNS for every signed message that is reported, or only for the ones which have a domain or d= that is registered with you to receive ARF reports. Also this would add one DNS query to the set of queries. It is additional resources. It may be early, but just trying to asses what is the least costly for the reporter. > > We currently send reports to over 80k domains. I would wager that the > domains who currently sign are a subset of those (spammer domains > included), but if someone actually wants me to dig around to prove it I > suppose I can. Going forward, domains that care enough to sign their > mail will care enough to want abuse reports. > > > On privacy issues, some ARF processors strip the report from any > > potential user identification, To: Message ID, email in the content > > etc... > > That's to protect the privacy of the reporter, not the privacy of the > message author. You would be surprised how many folks on shared IP > addresses try to get an FBL for the entire IP address instead of just > their domain. DKIM based FBLs should clear up that specific issue, but > I'm sure there will be some new 'gotcha'. > correct, I mean I agree, but you know also that in the case of mailing lists, the sender puts a fingerprint to circumvent this anonymization process, otherwise, the report would be mostly useless.
_______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
