No, I don't have any empirical evidence for asserting that it's
certain or likely to occur. But in truth nobody has much empirical
evidence for anything here, so we're reduced to theorizing.
Serious theorizing works carefully from an empirical base, with a clear logic
sequence. This never guarantees that they are correct, but does serve to vet
Theorizing absent this kind of effort is not theorizing. It is fantasizing.
There are an infinite number of possible fantasies and their injection into a
project management effort, such as the start of a standards process, mostly -- I
even suspect exclusively -- serves as distraction, particularly when they are
Now that we've got that out of the way, it's worth working through the
reasoning of why I think (b) is the likely endgame.
It certainly is.
The basic value proposition of any sender authentication system as an
input to filtering is that lets you increase the sensitivity of the
filters, while still obtaining an acceptable overall false positive
Nicely said. (And, by the way, I agree with the statement.)
Imagine that without sender auth, your filters have a false
positive rate of P and a false negative rate of N. With sender auth,
some fraction of those false positives will be eliminated, letting you
dial up the sensitivity of the filter. If we assume that the sender
authentication is perfect, then we get the following:
False positive 0 P' (P' > P)
False negatives 0 N' (N' < N)
But this makes it even more attractive for the good senders to
authenticate their messages (because otherwise they stand a higher
chance of being rejected) which means that the receivers can increase
the sensitivity of their filters, and so on.
> So, at the end of the
day, if something like DKIM is successful, I would expect an
equilibrium where filters are set extremely high and nearly all good
senders authenticate their messages because otherwise they stand
an unacceptably high chance of having them rejected.
I am less certain of "expect" than I am of "hope for".
In any event, that is quite different from *requiring* everyone to sign, or
automatically rejecting all unsigned mail. Yet these are what you were putting
Further as was pointed out at the BOF, the scenario you have describe is a
voluntary community collaboration. So if the outcome you describe occurs, it
will be because the community agrees that they like that outcome.
This makes it really perplexing to view it as a problem.
Ietf mailing list