On 06/Apr/11 16:01, Dave CROCKER wrote:
> On 4/1/2011 9:08 PM, Fred Baker wrote:
>> On Apr 1, 2011, at 10:28 PM, John R. Levine wrote:
>>> Some clever spambot seems to have scraped a bunch of addresses out
>>> of the archives and is sending spam with multiple addresses on the
>>> From: line through IETF and IRTF mailing lists. Surely I'm not the
>>> only one who's seeing it.
>>
>> DKIM is directly designed to address this... What do we need to do
>> to put it in play?
>
> Unfortunately, DKIM is /not/ designed to address this. DKIM is designed
> to provide a reliable, accurate identifier upon which reputation data
> can be developed.

Yet, as the MLM-draft documents:

   MLMs typically attempt to authenticate messages posted through them.
   They usually do this through the trivial (and insecure) means of
   verifying the RFC5322.From field email address (or, less frequently,
   the RFC5321.MailFrom parameter) against a list registry. DKIM enables
   a stronger form of authentication, although this is not yet formally
   documented: It can require that messages using a given RFC5322.From
   address also have a DKIM signature with a corresponding "d=" domain.
   This feature would be somewhat similar to using ADSP, except that the
   requirement for it would be imposed by the MLM and not the author's
   organization.

   http://tools.ietf.org/html/draft-ietf-dkim-mailinglists

It would be interesting to implement such authentication for IETF lists, e.g. as part of some IETF Code Sprint. It will alleviate moderation, although it will require some maintenance for itself.

> That's a fundamentally different task from detecting invalid From:
> field contents.

Likewise, DKIM hardly supports non-repudiation of content, if at all.

> ADSP, an add-on to DKIM, is felt by its promoters to be useful for
> detecting invalid From: fields, but it does not work through
> mailing lists.

The "somewhat similar feature" described in the MLM-draft assumes that (some) posters consistently use submission servers that DKIM-sign relayed mail. Thus, the MLM can automatically reject posts claiming to be from such posters, if they are not validly signed.
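
The MLM-side check discussed in the message above, sketched in Python as an added example; it is not part of the original message and not code from any IETF list software. The registry contents, the `mlm.example` authserv-id, holding multi-address From: lines for moderation, and reading "corresponding" as an exact domain match are all assumptions, and the DKIM verdict is read from an Authentication-Results header rather than verified cryptographically.

```python
import re
from email import message_from_string
from email.utils import getaddresses

# Hypothetical list registry: subscriber address -> True when that poster's
# submission server is known to DKIM-sign everything it relays.
REGISTRY = {"alice@signing.example": True, "bob@plain.example": False}
AUTHSERV_ID = "mlm.example"  # assumed id of the MLM's own DKIM verifier

def passing_dkim_domains(msg):
    """Return the d= domains reported as dkim=pass by our own verifier."""
    domains = set()
    for value in msg.get_all("Authentication-Results", []):
        parts = " ".join(value.split()).split(";")  # unfold, split results
        head = parts[0].split()
        # Trust only results stamped with our authserv-id; this assumes the
        # border MTA strips inbound headers that forge that id.
        if not head or head[0].lower() != AUTHSERV_ID:
            continue
        for resinfo in parts[1:]:
            passed = re.match(r"\s*dkim\s*=\s*pass\b", resinfo, re.I)
            d = re.search(r"\bheader\.d\s*=\s*([\w.-]+)", resinfo, re.I)
            if passed and d:
                domains.add(d.group(1).lower())
    return domains

def mlm_decision(raw_message):
    """Return 'accept', 'moderate' or 'reject' for one submitted post."""
    msg = message_from_string(raw_message)
    authors = [a.lower() for _, a in getaddresses(msg.get_all("From", [])) if a]
    if len(authors) != 1:
        return "moderate"  # several (or no) From: addresses, as in the spam run
    author = authors[0]
    if author not in REGISTRY:
        return "moderate"  # classic registry check: unknown poster
    if not REGISTRY[author]:
        return "accept"    # registered, but no signing requirement on file
    # "Corresponding" is taken here to mean an exact domain match.
    domain = author.rpartition("@")[2]
    return "accept" if domain in passing_dkim_domains(msg) else "reject"

# Constructed sample posts (not real traffic).
SIGNED = ("From: Alice <alice@signing.example>\n"
          "Authentication-Results: mlm.example;\n"
          " dkim=pass header.d=signing.example\n\nhello\n")
SPOOFED = ("From: alice@signing.example\n"
           "Authentication-Results: mlm.example; dkim=pass header.d=bulk.example\n\nbuy\n")
FORGED_AR = ("From: alice@signing.example\n"
             "Authentication-Results: other.example; dkim=pass header.d=signing.example\n\nbuy\n")
MULTI_FROM = "From: alice@signing.example, bob@plain.example\n\nbuy\n"
UNSIGNED_OK = "From: bob@plain.example\n\nhello\n"
```

Posters without a signing flag still pass on the plain registry check, which is the maintenance cost the message mentions: the flag has to track which subscribers' domains really do sign consistently.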