Re: MASS Security Review document

2005-02-11 07:03:49

On Fri, 2005-02-11 at 08:01 -0500, Andrew Newton wrote:
> On Feb 10, 2005, at 7:49 PM, Michael Thomas wrote:
>
> > Actually, I'd call it an _insignificant_ class of domain because
> > the reputation that you can derive from, oh say, hotmail or aol
> > or y! is so, so very problematic: even if they are behaving badly,
> > who would dare blacklist them? (ok, there will be some ninnies, but
> > they're outliers). *Far* more interesting and significant are the
> > domains that are *not* very well known. This gives a big incentive
> > to do very good policing lest your reputation suffer...
>
> I'm very perplexed by this. Are you suggesting that the biggest
> senders of email by brand are to be exempt from the rules of MASS but
> that everybody else must abide by them? I'm not sure how this will
> help adoption.

As if rules always apply equally in all situations... One has to 
remember that MASS is primarily a mechanism to prevent forgery, and
secondarily a way to enable reputation. What the big mail providers,
etc, get out of this bargain is a way to effectively stop miscreants
from using their domain's name without going through something that
they trust (e.g., their MTAs). That's pretty good incentive even if
the likelihood that you could then turn around and use that as the 
basis for a meaningful reputation check is low.

                Mike

