On 10/30/09 6:49 AM, Eliot Lear wrote:
>
> Early in the discussion, I thought we were talking about the envelope.
> Validating the envelope seems to me useful, if only because it provides
> a way to reduce the number of bytes sent, and believe it or not, this is
> still a problem in certain parts of the developing world, where
> bandwidth is still expensive. Right now some solve the problem with
> upstream filtering. That has its own set of problems that are as much
> political as technical.

Unless most connections are not accepted, a small network cannot be protected. Such a system would either depend upon external filtering or a combination of IP address reputation, with perhaps the sampling of questionable connections to leverage IP address good reputation with selective inclusion of IP addresses having unknown reputation.

A good defense would likely entail tracking EHLO hostnames looking for consistency, simply because bot-nets notoriously provide inconsistent information. This approach may block "localhost" hostnames and the like, but these typical misconfigurations represent a small percentage of legitimate email.

What is left may then be confirmed as desired through other means. DKIM might be such a means, especially when disparate elements can be combined to offer unique identifiers that leverage prior trusted elements. This might be an authorization of a mailing list from a known From domain, for example. The authorization could be established through the use of the TPA-Label. Even EHLO hostnames can be authorized by this scheme. The small network might then be able to safely expand their acceptance lists and perhaps eventually become fairly independent once the size of this list has grown to a few million entries.

-Doug

_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
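
The EHLO consistency tracking described in the message above, as an added example that is not part of the original post: it groups the EHLO hostnames seen per client IP and separates stable identities from changing ones and from "localhost"-style misconfigurations. The log format, the sample lines, and the names `ehlo_verdicts` and `max_names` are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample data; the "ip=... ehlo=..." log format is an assumption.
SAMPLE_LOG = """\
2009-10-30T06:50:01 ip=192.0.2.10 ehlo=mail.example.org
2009-10-30T06:50:09 ip=198.51.100.7 ehlo=dsl-44.example.net
2009-10-30T06:51:12 ip=203.0.113.5 ehlo=localhost
2009-10-30T06:52:30 ip=198.51.100.7 ehlo=mx1.bank.example
2009-10-30T06:53:44 ip=192.0.2.10 ehlo=MAIL.EXAMPLE.ORG.
2009-10-30T06:54:02 ip=198.51.100.7 ehlo=smtp.example.com
2009-10-30T06:55:19 ip=203.0.113.5 ehlo=localhost
"""

LINE_RE = re.compile(r"\bip=(?P<ip>\S+)\s+ehlo=(?P<ehlo>\S+)")


def normalize(name):
    """Case-fold and drop a trailing dot so equivalent names compare equal."""
    return name.lower().rstrip(".")


def is_misconfigured(name):
    """'localhost' and other unqualified names (no dot) identify no real host."""
    return name.startswith("localhost") or "." not in name


def ehlo_verdicts(log_text, max_names=1):
    """Map each client IP to 'consistent', 'inconsistent' or 'misconfigured'."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m:
            seen[m["ip"]].add(normalize(m["ehlo"]))
    verdicts = {}
    for ip, names in seen.items():
        if len(names) > max_names:
            verdicts[ip] = "inconsistent"    # identity changes between sessions
        elif any(is_misconfigured(n) for n in names):
            verdicts[ip] = "misconfigured"   # stable but useless identity
        else:
            verdicts[ip] = "consistent"      # candidate for further confirmation
    return verdicts


if __name__ == "__main__":
    for ip, verdict in sorted(ehlo_verdicts(SAMPLE_LOG).items()):
        print(ip, verdict)
```

Only the "consistent" set is a candidate for the further confirmation the message goes on to describe; raising `max_names` tolerates hosts that legitimately announce more than one name.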
