On Mon 13/Oct/2025 07:29:50 +0200 Marco Moock wrote:
> On 13.10.2025 14:17 Viktor Dukhovni via mailop <[email protected]> wrote:
>
>> Therefore, in the context of MTA-to-MTA (port 25) email relaying, a client certificate could perhaps be used as a lookup key for client reputation, that could be more robust than an IP address. And the DANCE working group client id draft:
>
> For which use case?
>
> A spammer might just get various certificates for different host names via letsencrypt.


A useful use case would be to certify when a domain/organization began operations. RDAP records are difficult to obtain for domain names, and IP numbers don't have an active-from field.

Certificates have a start and end date. However, the not-before date is moved forward each time the certificate is renewed. It would be helpful to know how long a domain has been certified, because the reputation of recently published domains is not meaningful.


Best
Ale
--




_______________________________________________
mailop mailing list
[email protected]
https://list.mailop.org/listinfo/mailop