[ietf-dkim] on the scope and necessity of threat analysis
moore at cs.utk.edu
Sun Aug 14 07:07:00 PDT 2005
> And I'm not even bothering with your bald claims about futility
> of reputation.
I don't care what you think. I care about improving Internet email in
such a way that it's much more resistant to spam, viruses, and forgeries
than it is now.
It's silly to assume that the nature of undesirable mail will be the
same as it is now when conditions change, especially when history
demonstrates the opposite. So it's necessary to try to predict the
effect of changing conditions. Assuming that the bad actors will do
what we want them to do isn't likely to result in an accurate prediction.
>> A sufficiently large number of 'legitimate' advertisers can fill up
>> your mailbox even more effectively than a small number of 'rogue'
>> advertisers, even if most of the 'legitimate' advertisers make a
>> reasonable effort to send the mail only to those they think want to
>> receive it.
> Those "legitimate" advertisers can do that today.
Indeed, this is already happening, and it's slowly getting worse. But
the early adopters see spam filters and public opinion against the "bad"
spammers as barriers to acceptance of "good" advertising (i.e. the spam
that they send out). These people _want_ authentication because they
believe that it will reduce the need for such filters and they believe
that public acceptance of their advertising will increase once they get
rid of the riff-raff.
Personally I don't care so much whether the advertising cluttering my
inbox is for consumer products or for confidence schemes and sex
enhancement products - it's still making it difficult to find the
messages I want to read.
> Again, you might be making an argument that the status quo is here to stay,
> but you're not making an argument that things will be worse.
I'm making an argument that phenomena that currently exist will get
worse in the presence of DKIM in the form in which it's currently being
More information about the ietf-dkim