[ietf-dkim] Is anyone using ADSP? - bit more data from the receiving side
John R. Levine
johnl at iecc.com
Mon Oct 12 19:24:01 PDT 2009
[ this is also well trodden ground, so I will again try and keep this short ]
>> Short summary: DKIM and ADSP offer no meaningful defense against spoofing.
> Shorter summary: The WG charter says there should be
Yes, there was considerable naive optimism in the charter.
We all agree that it would be great to have a scheme to spoof-proof mail.
But ADSP isn't it, for the reasons we've all gone over, no matter how much
we might wish that it were.
>> * At this point, the only significant spoof targets that sign all
>> their mail are Paypal and ebay.
>
> Who notably haven't deployed ADSP despite their strong business case.
I can assure you that Paypal and eBay are quite aware of DKIM and ADSP,
and I have personally heard them encourage ISPs to drop unsigned mail
purporting to be from them due to the amount of forgery. Nonetheless,
they don't publish ADSP. This tells me that I'm not the only one who
thinks that there isn't a business case for ADSP.
R's,
John
More information about the ietf-dkim
mailing list