--On 28 May 2010 13:26:28 -0700 Dave CROCKER <dhc(_at_)dcrocker(_dot_)net>
wrote:
On 5/28/2010 12:07 PM, Jeff Macdonald wrote:
But I'd like to see if I understand the difference your are trying to
highlight between a manually maintained list and a self published
list.
There is a key semantic difference which, I believe, makes for a key
difference in utility.
In a manually maintained list, there is an independent assessment of what
domain names are worth worrying about. (The independence is from the
owner of the domain. The assessment might be by a third part or it
might be by the recipient.)
The owner-based list is a statement by the domain owner, themselves, of
what domains the recipient should handle in a particular way.
An important problem with this latter model is how noisy it is. Both the
domain owner and the transmission process introduce significant errors.
By contrast, the former model can incorporate a conformance metric into
the decision whether to list the domain.
Actually, the difference is less than you think. It's quite possible to
combine both models. Spamassassin, for example, allows you to maintain a
list of domains for which you should treat SPF or DKIM matches or fails in
a particular way. For example, you could tell spamassassin to blacklist SPF
fails for certain domains, or whitelist messages DKIM signed by certain
domains.
Effectively, you're applying your own domain reputation system, and using
SPF or DKIM published information to make the reputations more usable.
Similarly, with ADSP you don't have to rely on published information, and
when information is published, you don't have to guess whether the
publisher is competent. You can maintain your own list of domains that you
trust to get ADSP right, and use standard software to apply that judgement.
Several benefits are gained from ADSP:
1. Code reuse: Although you may choose to maintain your drop list, you
don't have to write software for your MTA, you can just configure it.
2. Discoverability: You can find out from ADSP publications that the sender
cares about this stuff. OK, it's still a leap to add them to your drop
list, but you do at least have somewhere to start. If a large sender and
receiver come to a private agreement about DKIM use, then only they
benefit. If they choose to use ADSP to implement that agreement, then other
mail systems can also benefit.
3. Discussability: given that it's a standard, potential users can read
about best practice, and senders and receivers have a common language to
talk about how things should work.
--
Ian Eiloart
IT Services, University of Sussex
01273-873148 x3148
For new support requests, see http://www.sussex.ac.uk/its/help/
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html