[ietf-dkim] on the scope and necessity of threat analysis

[Keith Moore]

> And I'm not even bothering with your bald claims about futility
> of reputation.

I don't care what you think.  I care about improving Internet email in 
such a way that it's much more resistant to spam, viruses, and forgeries 
than it is now.

It's silly to assume that the nature of undesirable mail will be the 
same as it is now when conditions change, especially when history 
demonstrates the opposite.  So it's necessary to try to predict the 
effect of changing conditions.  Assuming that the bad actors will do 
what we want them to do isn't likely to result in an accurate prediction.

>> A sufficiently large number of 'legitimate' advertisers can fill up 
>> your mailbox even more effectively than a small number of 'rogue' 
>> advertisers, even if most of the 'legitimate' advertisers make a 
>> reasonable effort to send the mail only to those they think want to 
>> receive it.
> 
> 
> Those "legitimate" advertisers can do that today.

Indeed, this is already happening, and it's slowly getting worse.  But 
the early adopters see spam filters and public opinion against the "bad" 
spammers as barriers to acceptance of "good" advertising (i.e. the spam 
that they send out).  These people _want_ authentication because they 
believe that it will reduce the need for such filters and they believe 
that public acceptance of their advertising will increase once they get 
rid of the riff-raff.

Personally I don't care so much whether the advertising cluttering my 
inbox is for consumer products or for confidence schemes and sex 
enhancement products - it's still making it difficult to find the 
messages I want to read.

> Again, you might be making an argument that the status quo is here to stay,
> but you're not making an argument that things will be worse.

I'm making an argument that phenomena that currently exist will get 
worse in the presence of DKIM in the form in which it's currently being 
described.

Keith