ietf-dkim
[Top] [All Lists]

Re: [ietf-dkim] list vs contributor signatures, was Wrong Discussion

2010-06-02 14:16:17
On Jun 2, 2010, at 9:33 AM, MH Michael Hammer (5304) wrote:



-----Original Message-----
From: ietf-dkim-bounces(_at_)mipassoc(_dot_)org [mailto:ietf-dkim-
bounces(_at_)mipassoc(_dot_)org] On Behalf Of John Levine
Sent: Wednesday, June 02, 2010 9:21 AM
To: ietf-dkim(_at_)mipassoc(_dot_)org
Subject: Re: [ietf-dkim] list vs contributor signatures, was Wrong
Discussion


<snip>


Here's a thought experiment: let's say you have your list of domains
that are known to be phish targets that sign their mail, so you drop
unsigned mail, and they all happen to publish ADSP.  Someone's ADSP
record goes away.  Is it more likely that they've stopped signing
their mail, or that their ADSP record is temporarily messed up?  Why?

Signing their mail does not equal ADSP. "Knowing" they sign their mail
does not equal ADSP. As you have pointed out, ADSP does not equal manual
drop lists. 

The fact that someone's ADSP record - absent any other data points -
goes away, tells us nothing other than their ADSP record went away.
There could be any number of reasons as to why it went away. 

Are we now going to have to write a draft for casting goat bones to
determine the meaning of standards implementations and operational
practices? 

It's really quite simple.

Agreed.

BTW, I'm actually agreeing to this statement in the context it was made :-)

If there is no longer an ADSP record then ADSP
is not applicable.

Well, you'd process that mail as if... there were no ADSP policy because... 
there's no ADSP policy.

Do we really need to publish informational guidance on this point?  If yes, 
then let's do it.


_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html

<Prev in Thread] Current Thread [Next in Thread>