But I'd like to see if I understand the difference your are trying to
highlight between a manually maintained list and a self published
list. Manually, there is confidence in understanding the
ramifications. Self published (ADSP) there is no assurance in the
understanding of the ramifications. Therefore the data collected from
one method is not applicable to the other? The end result (discarding)
would somehow end up different?
The discarding would be the same, but the mail that got discarded would be
different. In particular, from the point of view of my mail users, the
cost of losing a real notification from Paypal is low, since all the info
is on their web site, and the value of dropping an unsigned message is
high since it is (give or take Steve's numbers) likely to be a phish.
For random domain X that is not a phish target and sends mail that is not
notifications, the cost of losing a real message is high, since it was
probably a message with real content, and the value of dropping an
unsigned message is low, since it's most likely a real message that got
its signature broken somehow.
John, is your manually maintained list done in co-operation with the
those in the list?
To the extent that they are domains that I know are phish targets, send
predominantly transactions, and have stated that they sign all their mail,
yes. If you mean did I call them up and ask if I should put them in my
drop list, no.
R's,
John
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html