Re: [ietf-dkim] list vs contributor signatures, was Wrong Discussion
2010-04-30 16:56:09
On Apr 30, 2010, at 11:05 AM, Michael Thomas wrote:
On 04/30/2010 07:38 AM, McDowell, Brett wrote:
On Apr 30, 2010, at 10:23 AM, Michael Thomas wrote:
On 04/30/2010 07:05 AM, McDowell, Brett wrote:
But since mailbox providers already manage reputation at scale, how much of
a burden is adding this bit to the mix? Remember this only affects mailbox
providers who have decided to do DKIM blocking based on ADSP discardable
policies (for some, if not all senders).
Let's put aside whether there's something new here for the moment (I've not
had my coffee yet...). By all rights, we should not be having this
conversation right now at all because you have set adsp discardable. So even
if we adopted some bcp-like advice for mlm and receivers, it would be years if
not forever before we could have a reliable conversation on this and other
lists again. Maybe at paypal that's an acceptable tradeoff (?), but at my
previous employer, all standards work, for one, would cease and there would be
lots of engineers with pitchforks and torches.
So what I'm getting at here is that I'm having a hard time understanding how
the bootstrap doesn't fail for most sending/receiving entities. As I'm sure
you know, false positives drive mail admins to complete distraction... which
is the situation it looks to me that you're willing setting up.
That said, you (paypal) are far braver than I am, but if you can make this to
work somehow as a large enterprise that would be a pretty amazing
accomplishment.
Mike
Talking about the status quo is to talk about how every ISP/MBP (btw, is it
common practice to refer to a "mailbox provider" as a MBP?) has decided to deal
with "discardable" ADSP policies given they ALL KNOW that some common Internet
practices break DKIM. I'm not sure why that's a useful discussion to have in
this forum. I thought we wanted to talk about how to change the status quo so
DKIM signatures aren't made irrelevant by common Internet mail practices like
MLM's.
Just so everyone knows, even some of the ISP/MBP's working with us who are
equally committed to curbing paypal.com phishing attacks by means of DKIM and
ADSP, are sorting out how they want to handle the gray areas when they see
evidence that the message was 'probably validate-able' when it started but
something that is 'probably not criminal' happened along the way so I can no
longer validate... so let me... make it up as I go and iterate until the
standards evolve to remove/reduce this problem.
That in fact is why my emails *are* being delivered to at least one gmail.com
user on this list.
So the status quo is ugly at best.
Is there any will in this group (aside from my own) to evolve the standards to
improve the status quo?
<soapbox>
Are the rest of you as concerned about the damage fraud messaging can have to a
user's computer, identity, and all systems on the Internet accessible from that
computer? I know I don't have to say this, but... this isn't just about
stopping annoying ads for viagra. And it isn't just about financial
institutions' monetary losses due to account takeover attacks enabled by
phishing. It's about the trustworthiness of the Internet and addressing the
A#1 channel criminals use today to undermine the integrity of this amazing
infrastructure all of us have enjoyed and many of *you* have created.
</soapbox>
-- Brett
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html