[ietf-dkim] list vs contributor signatures, was Wrong Discussion
johnl at iecc.com
Wed Jun 2 06:20:41 PDT 2010
>Similarly, with ADSP you don't have to rely on published information, and
>when information is published, you don't have to guess whether the
>publisher is competent. You can maintain your own list of domains that you
>trust to get ADSP right, and use standard software to apply that judgement.
Manual drop lists are a fine idea, but what do they have to do with ADSP?
>1. Code reuse: Although you may choose to maintain your drop list, you
>don't have to write software for your MTA, you can just configure it.
I'm happy to reuse the manual drop code in Spamassassin. I still don't
see what it has to do with ADSP.
>2. Discoverability: You can find out from ADSP publications that the sender
>cares about this stuff. OK, it's still a leap to add them to your drop
>list, but you do at least have somewhere to start.
Here's a thought experiment: let's say you have your list of domains
that are known to be phish targets that sign their mail, so you drop
unsigned mail, and they all happen to publish ADSP. Someone's ADSP
record goes away. Is it more likely that they've stopped signing
their mail, or that their ADSP record is temporarily messed up? Why?
More information about the ietf-dkim