[ietf-dkim] on the scope and necessity of threat analysis

[Michael Thomas]

Keith Moore wrote:
> Michael Thomas wrote:
> 
>> Keith Moore wrote:
>>
>>> If then only bad actors we were concerned about were phishers then 
>>> I'd agree.  When we include spammers in the set of bad actors then 
>>> the situation becomes less clear.  Making it slightly more difficult 
>>> for current bad actors to spam might well make spam considerably more 
>>> attractive for a much larger group of bad actors who don't mind 
>>> authenticating their spam.
>>
>>
>>
>> I'm sorry, but I do not see how this follows at all. Spammers are
>> completely at liberty to identify themselves today. They don't
>> have to forge their addresses, so why don't they join the fun
>> today?
> 
> 
> Many of them are doing so, which is why so many SPF messages are spam.
> 
> You appear to be assuming that the same bad actors who are spamming 
> today will be the ones who are spamming tomorrow.  I am assuming that 
> there is a much larger set of people/companies who would like to spam, 
> but aren't doing much spamming now because under the current set of 
> conditions so much spam is trashy.  Those people want to "raise the bar" 
> to discourage the current spammers in order to make it more acceptable 
> for them to spam.  These people don't believe the products they want to 
> sell you are trashy, and they don't believe they have anything to hide. 
>  But they still want to fill up your inbox with messages that will get 
> in the way of communications you want to participate in.  Some of them 
> even believe that they have a right to fill up your inbox with such 
> messages.

And I have the right to put them on my blacklist and tell all
my friends. And I don't even need to guess where they are
since they'll be using a name binding rather than hiding behind
a zombie army.

Really, you said that it would make things *worse*. I must have
missed the quod erat demonstrandum.

		Mike