--On 23 June 2010 13:09:30 +0000 deepvoice(_at_)gmail(_dot_)com wrote:
Since Amazon set it up in the first place, wouldn't they be keenly aware
of the service signing issues?
Well, if they're using ADSP, then they have a chance. But it's going to be
difficult for them to keep track of the third party assertions made about
Are you making the assumption that all third party lists would be equally
credible? That's no more likely than all DNSBLs being equally credible.
In both cases, the good ones will make sure their data is correct,
maybe by backchannels to the underying providers (see the Spamhaus PBL
for an example of that) or by some kind of feedback watching the mail
they make assertions about. The bad ones won't do that, and won't be
useful. (See any number of useless poorly run DNSBLs for an example
I'm not attempting to invent a way to ensure that all assertions are
correct. It's a way to collect assertions into small enough groups
that it's practical to do manual checks of the credibility of each
NOTE WELL: This list operates according to