Assume, say, one million people who regularly receive valid emails
from their bank (info(_at_)accounts(_dot_)bigbank(_dot_)com). If they
received an email
from info(_at_)mail(_dot_)account(_dot_)bigbank(_dot_)com, how many of them
would believe the
email is really from the bank?
I assure you, lots. Through liberal use of sub-domains via email and
web sites end users have been trained to ignore the sub-domain part
(since it frequently changes) and to focus on the "root domain" part
(which is constant and they either trust or don't trust).
Well, now we have another question -- who's going to be using ADSP, mail
system operators or end users? It's always been my impression that the
main audience is MTA operators, who will use it in filtering decisions.
MTA operators will be using/deploying ADSP. End-users are the intended
beneficiary (as is the case with _all_ filtering systems). The
motivation driving MTA operators to deploy ADSP is end-user protection.
If it's for end users, my experience says that they are equally likely to
be fooled by info(_at_)accounts-bigbank(_dot_)com, which would suggest we've
been
wasting our time.
I agree with the first part of what you've said but the second part does
not follow logically. One can not claim that because we fail to protect
a user completely we therefore aren't able to provide any protection at
all and have thus wasted our time. ADSP isn't attempting to solve the
accounts-bigbank.com problem. But it does solve the foo.bigbank.com
problem. This is wonderful news and a welcome step forward.
Arvel
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html