On 6/22/10 11:40 AM, Bill(_dot_)Oxley(_at_)cox(_dot_)com wrote:
adsp is an assertion by a sender. John's list is a reputation of the sender's
adsp assertions (WAG)
On Jun 22, 2010, at 2:29 PM, Michael Thomas wrote:
The vbr scheme will not help to mitigate a phishing problem, since it
allows the "authentication" of any number of other domains. As such, it
will not help deal with ADSP issues caused by mailing lists either.
The discard vbr represents roughly the same feature as ADSP
dkim=discardable, but introduces other types of "authentication/"
Allowing more ways to authenticate might allow a small number of emails
to be delivered that might have been rejected when a signature is
damaged in transport, but this is unlikely, and unlikely to help with
mailing lists.
Path registration schemes largely depend upon the treatment of headers
and parameters holding domains other than the Author Domain. Any domain
that uses VBR and a provider handling many other domains might confront
a problem caused by treating _authorization_ as being "authentication."
Just because something is authorized, does not mean that its origination
has been authenticated. In an era where many legitimate accounts are
being compromised, DKIM provides a margin of safety where servers
commonly carry email for many different domains. The additional
protection afforded by DKIM is lost when depending upon discard vbr. :^(
-Doug
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html