ietf-dkim

Re: [ietf-dkim] brand protection, was Is anyone using ADSP?

2009-10-16 07:41:39
On Thu, 15 Oct 2009 16:19:36 +0100, John Levine <johnl(_at_)iecc(_dot_)com> 
wrote:

No, ADSP adds the ability for senders to make unverified assertions
about their signing practices.  Unless you already have some
knowledge about the domain, you have no idea whether it would be
useful to believe it.

On the contrary, it adds the ability for domain owners to make those
assertions. Assuming that the domain owner has control of his own DNS
records, those assertions are as reliable as the reputation of the
relevant Domain Registrar (you can argue about how reliable that is,
if you wish).

Huh?  Maybe things are different where you live, but in this part of
the world, registrars like Godaddy have millions of customers and know
nothing more about them than that their credit card charge for $8 was
approved.  It's hard to imagine how anyone could think that a
registrar would know anything at all about its customers' mailing
practices.

I think you have missed the point. A malicious registrar might add/change  
an ADSP record, contrary to the instructions of the domain owner who is  
paying him.

But I doubt Godaddy is that malicious. Generally speaking, if you see an  
ADSP record, you can be 99.9% sure that it is there on the instructions of  
the domain owner, and therefore does not require further verification.

-- 
Charles H. Lindsey ---------At Home, doing my own thing------------------------
Tel: +44 161 436 6131      Web: http://www.cs.man.ac.uk/~chl
Email: chl(_at_)clerew(_dot_)man(_dot_)ac(_dot_)uk      Snail: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K.
PGP: 2C15F1A9      Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5
_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html
