There is a difference between intending end-user benefit, versus
intending end-user processing.
I suppose so. I'm talking about intending end-user benefit. The only
reason any mail administrator turns on a filter is to provide benefit to
end-users.
If the goal is end-user processing of differential information about
domain names in the From: field, then I urge us to shut the effort down
now.
This is not the goal.
Users will not distinguish between
info(_at_)accounts(_dot_)bigbank(_dot_)com and
info(_at_)accounts-bigbank(_dot_)com(_dot_)
Right, but filtering agents will and they are now being offered a
mechanism to eliminate an entire category of exploitation emails.
No matter how much you protect the use of one, you cannot protect
against use of the other. So, cousin domains provide an utterly trivial
path for bypassing the intended end-user protection.
So, are you saying that because we don't provide protection against
"cousin domains" we should drop our effort to provide protection against
mis-use of "exact domains?"
Standards are costly to develop, deploy and use. A global standard
had better provide strategic benefit. That means persistentAs
explained, this won't do that. Even if one believes that it "protects"
the name space it seeks to protect, the ability to bypass that
protection trivially means that there is no real end-user benefit.
I don't think so. Forcing phishers to use accounts-bigbank.com when
today they are free to use bigbank.com directly is a significant step
forward both for receivers and senders. Receivers benefit because no
matter how similar accounts-bigbank.com appears to a human no filtering
agent will be confused into equating it with bigbank.com and that has
important implications for accurate filtering. Senders benefit by
regaining some measure of control over the use of their own domain which
for many is an important corporate brand and business asset.
As a consequence, what you claim as protection really is not
meaningful protection.
It seems meaningful enough to me.
Some of us in this working group have some background in human factors,
usability, user-centered design, and the other topics (and buzzwords) of
the human side of computer use. Most of us do not. As a working group,
we have amply demonstrated a complete lack of skill in designing for
end-user processing. So we need to stop trying.
We're not trying. All I've pointed out is that the purpose for using
filters is to benefit end-users. Are you disputing the truth of that claim?
Filtering engines, on the other hand, are far more tractable as
targets. As a group, we know a fair amount about them. They can be
taught to map a particular domain name to a particular reputation and
then apply that diligently. However as has been noted, filtering
engines are more typically using precise strings, rather than name
"root" strings.
In any event, this basic confusion about intended use of ADSP is one of
the several reasons there is no real consensus about it or its features.
I don't think anyone's confused about where ADSP fits. It's a piece of
the mail filtering process.
Arvel
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html