do you believe John, who never believed in ADSP and has repeatedly said
that he hope it fails, and who has a microscopic amount of deployment
experience if any at all. Or do we believe Brett/paypal that ADSP is
providing benefit *today* in the form of 100's of millions of thwarted
phishes, and that ADSP is the only way he can get things to scale
beyond handshakes in the Valley.
Indeed. Only, I think it's a little more complicated than that.
PayPal has good experience with independent arrangements that behave
like ADSP, and they expect it to translate to good and broader
experience with ADSP. On the other hand, they have some bad
experience with ADSP, which they expect to meliorate with a change
that Brett hasn't described yet.
On the other hand, John and Steve expect that the benefits PayPal is
seeing in thwarted phishing messages will be short-lived, as phishers
just change domain names, and send out just as many messages as
before, fooling just as many recipients into thinking they're from
PayPal.
We will certainly need data collected over time to determine whether
there's any long-term reduction in unblocked phishing messages as a
result of ADSP. I'm eager to get that data. We'll also need some
analysis of whether (and why) PayPal sees some real value in ensuring
that successful "PayPal" phishing messages do not actually have
"paypal.com" in the "from" field. I'm eager to see that, too.
Barry, as participant
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html