Re: Domain reputation

From: Rolf E. Sonneveld <>
Date: Thu, 09 Jun 2011 00:28:12 +0200

Hi, Murray,

On 6/8/11 11:41 PM, Murray S. Kucherawy wrote:
> Hi all,
> The obvious follow-on application to DKIM is one that makes use of the
> data DKIM provides, namely a verified domain name (i.e., the "d="
> value). As a result of some of the OpenDKIM statistics project work,
> I've started working on creating such an application.
> The work is in two parts:
> 1) A set of specifications for doing reputation queries and getting
> replies from a service that wants to provide that information (and
> this is being done generically, so a system could use the same
> mechanism to express a reputation about anything); and
> 2) Use of DKIM to provide reputation data about domains.
> The first part of this is now publicly visible as a set of drafts at
> the IETF that I'm hoping will feed into the creation of a new working
> group. You can see them by going to:
> ...and searching for "reputation".
> If you're interested in this work, namely the development of the
> protocols and specifications, then you should subscribe to this list
> and express your interest:
> It would be especially helpful for people to say they are interested
> in implementing prototypes or participating in experiments, or acting
> as editors of one or more of the documents.

I'd be interested in participating in these efforts, both as editor of
(parts of (some of)) the documents as well as participant in experiments
with reputation data.

> You don't have to go to IETF meetings to participate or act as editor,
> although it helps. Just being on the mailing list is sufficient, and
> you can attend meetings using audio feeds and Jabber as well.
> The second part, the actual data analysis, is underway. That's not
> part of the specification effort, though it provides the data that
> will be part of the replies. That will probably appear in the form of
> a white paper at conferences and such in the not-too-distant future.
> It will be a first application of the protocols being defined, and a
> terrific proof-of-concept.

The data that DKIM provides needs judgement before it can be turned into
reputation data. The mere fact that a message carries a valid DKIM
signature doesn't tell whether the d= domain belongs to a good guy or a
bad guy. What is your vision on that part of the picture, especially in
the light of what has been discussed before, that is: many sites run AS
software and the DKIM data comes only from the messages, that passes the
AS filters. We might be interested also in the messages, that already
were stopped due to DNSBL's, greylisting etc.

Received on Wed Jun 08 2011 - 22:26:00 PST

This archive was generated by hypermail 2.3.0 : Mon Oct 29 2012 - 23:20:18 PST