On 6/14/10 7:07 AM, John R. Levine wrote:
I would appreciate you describing in detail this "collateral damage". If
it involves discarding of mail from the domain in question then it is
not collateral. What else do you have for us?
It's collateral to the extent that one's users complain about not getting
perfectly good mail. "Your friend's mail admins glorp plugh ADSP grungle
bleep" isn't a very satisfactory response to users. Pointing to
legalistic language in some web page with a three letter acronym won't
help.
There's also the problems that have been noted with people bouncing off
mailing lists. Yes, in that case both ends are doing the wrong thing, but
if either did the right thing and forgot about ADSP we wouldn't have the
problem.
John,
How will "doing the right thing" with ADSP resolve mailing list abuse?
The sooner we stop wasting time trying to fix ADSP and start getting
shared drop lists, the sooner there's some hope of using DKIM to keep
simple forgeries out of peoples' inboxes.
Is a shared-drop list an improved "discardable" list, and what does
"discardable" mean in respect to Author Domain Signing Policy? Should
all critical and potentially phished transactions be marked
"discardable" and not generate DSN?" Should "all" be receive the same
delivery treatment as "discardable"? Does "discardable" mean something
other "all" and no NDNs? Should ADSP also indicate whether third-party
services are being used?
Reputation alone will not resolve abuse issues with a steady increase of
abuse coming from reputable sources, and reputation certainly will not
resolve a phishing issue, especially when senders are compelled to
change email domains without a means to specifically and unilaterally
authorize third-parties. Any general third-party authorization would
increase abuse emitted by mailing lists, which would prove counter
productive, especially without a defined method to identify third-party
services.
Of course, it remains possible for senders to make such a list
themselves and to note how third-party services can be identified. An
authorization scheme would leave "drop lists" control in the hands of
the senders being trusted, or in the hands of their delegated authority
(detail will be added in the draft to explain this function).
-Doug
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html