On Wed 16/Aug/2023 20:19:44 +0200 Dave Crocker wrote:
On 8/16/2023 10:48 AM, Murray^W Ale wrote:
Yet, an open
signer is for DKIM the equivalent of what an open relay is for SPF.
It is nothing of the sort.
Open relays perform a relaying function, which actively moves mail, where the
abuse is a) obfuscation, and b) fan-out.
Yup, I meant just from an SPF point of view, without the SMTP part.
What you are calling open signer allows adding any domain's authenticated
identity onto the message, which permits other sites to develop and evaluate
the reputation of the mail stream that uses the identity.
The former is abuse. The second is potentially useful.
Since you think otherwise, please explain.
Maybe, instead of an open relay, I should've considered a site publishing this:
"v=spf1 ip4:0.0.0.0/1 ip4:128.0.0.0/1 ip6:0::/1 ip6:8000::/1 +all"
So it doesn't perform the moving function.
Either produces a waste of authentication checks at receivers. Everybody can
get anything authenticated. The reputation others can develop from that is
white noise. I don't think it's useful.
Best
Ale
--
_______________________________________________
Ietf-dkim mailing list
Ietf-dkim@ietf.org
https://www.ietf.org/mailman/listinfo/ietf-dkim
