--On 9 January 2009 09:44:11 -0800 Douglas Otis <dotis at mail-abuse.org> wrote:
On Jan 8, 2009, at 12:43 PM, SM wrote:At 12:10 08-01-2009, Douglas Otis wrote:There are methods that can be used to limit risks related to whitelisting domains. Often these involve capturing prior conversations and noting where the message originated. The locations might then be expanded to CIDRs, routes, or acquired address lists.Is it that important to note where the message originated? Although the where is commonly used as input for lack of a better reference point, it can be a problem when renumbering a network or for mobility.White-listing based upon a domain would be dangerous without also including the IP address of the SMTP client and message tracking. There are companies currently providing this service, particularly needed where spam remains largely unmanaged.
Absolutely. That's the point of SPF and DKIM. The reason that I don't whitelist sender domains or addresses is that they're so easy to forge at the moment. With deployment of SPF and DKIM, there are domains that I'd be willing to whitelist given either a good SPF or DKIM match. In fact, there are top level domains like .edu, .gov, .ac.uk, .gov.uk, .sch.uk, .coop, and so on that I'd be prepared to conditionally whitelist because the registration process is tougher - though I might find myself making exceptions if certain subdomains didn't behave reasonably.
-- Ian Eiloart IT Services, University of Sussex x3148 _______________________________________________ Asrg mailing list Asrg at irtf.org http://www.irtf.org/mailman/listinfo/asrg