ietf-dkim

Re: [ietf-dkim] list vs contributor signatures, was Wrong Discussion

2010-05-27 01:07:40
> I thought I had. Remember that business about 100 million phishing
> attacks being blocked (DKIM alone would not have delivered that... it
> was our policy assertion and the acceptance to act on that policy
> assertion that made this happen)?

Right.  But then there is the utterly unwarranted leap to claiming
that has any connection to ADSP.  You published your policy by calling
up your friends at large ISPs, not by ADSP.  It is a fine idea to have
a manually maintained list of the handful of domains where there is an
operational benefit to throwing away unsigned mail.  I've configured
my spamassassin that way.

> What do I need to show you guys before you accept that I have
> demonstrated that ADSP provides operational benefit?

Something that uses ADSP, rather than a hand-configured list of
domains.

The key point that Steve and I keep hammering on is that ADSP does not
scale, because experience tells us that for every domain in Paypal's
situation, a phish target sending only* transaction mail, there will
be 100 or 1000 that think it's "more secure" and will publish
discardable even though they're not phish targets and there is real
unsigned mail with their return address.

The one data point we have about ADSP is the IETF list where the ADSP
led to bad results.  Does anyone have positive experience with ADSP?
I haven't seen any yet.

R's,
John

* - I am optimistically assuming that Paypal is in the process of
separating its transaction and individual mail streams so this will
be true.
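
The contrast argued in the message above, as an added Python illustration that is not part of the original post or any participant's code: a receiver decides what to do with mail lacking a valid author-domain signature, once using only a hand-maintained discard list and once also honoring published ADSP records (the RFC 5617 `dkim=` tag). The domains, records, local list and messages are constructed for the example.

```python
# Added illustration; every domain, record and message below is constructed.
ADSP_PRACTICES = {"unknown", "all", "discardable"}  # dkim= values in RFC 5617

def parse_adsp(txt):
    """Practice from the TXT record at _adsp._domainkey.<domain>; 'unknown' if unusable."""
    if not txt:
        return "unknown"
    name, sep, value = txt.split(";", 1)[0].partition("=")
    # The dkim= tag has to come first; anything else is treated as no record.
    if not sep or name.strip() != "dkim":
        return "unknown"
    value = value.strip()
    return value if value in ADSP_PRACTICES else "unknown"

def decide(author_domain, author_sig_ok, adsp_txt, local_discard, honor_adsp):
    """Receiver action for one message, before any other filtering."""
    if author_sig_ok:
        return "deliver"
    if author_domain in local_discard:      # hand-maintained list
        return "discard"
    if honor_adsp:
        practice = parse_adsp(adsp_txt)
        if practice == "discardable":
            return "discard"
        if practice == "all":
            return "suspect"
    return "deliver"

# Constructed inputs: one phish target on the local list, one ordinary domain
# that published discardable although its users post to mailing lists.
LOCAL_DISCARD = {"pay.example"}
ADSP_RECORDS = {"pay.example": "dkim=discardable", "smallco.example": "dkim=discardable;"}
MESSAGES = [
    ("forged pay.example phish", "pay.example", False),
    ("pay.example receipt, signed", "pay.example", True),
    ("smallco.example list post, signature broken by list", "smallco.example", False),
]

def run(honor_adsp):
    return {label: decide(dom, ok, ADSP_RECORDS.get(dom), LOCAL_DISCARD, honor_adsp)
            for label, dom, ok in MESSAGES}

if __name__ == "__main__":
    for mode in (False, True):
        print("honor ADSP:", mode)
        for label, action in run(mode).items():
            print(f"  {action:8} {label}")
```
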


