On Wed, Mar 25, 2015 at 08:03:19PM -0000, John Levine wrote:
> >Any email address oracle service will find its biggest consumer to be
> >spammers. I do not think anyone will deploy such on oracle/service.
The key acquisition protocol in no way changes the fact that
existence of keys discloses existence of addresses.
It makes NO difference what protocol is used to find the address
-> key mapping. Using something other than DNS just makes it easier
to rate control clients, because they are not proxied by their
ISP's DNS cache.
> On the other hand, I think that a lookup service that takes an address
> and returns a key would be workable. Yeah, spammers will try to
> scrape addresses from it, but it's the same attack as RCPT TO probing
> and we have workable defenses against that.
Actually, for the spammer, the DNS is a more attractive oracle,
because queries are cheaper and proxied by ISP caches.
--
Viktor.
_______________________________________________
dane mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dane
