From: John R Levine [mailto:johnl(_at_)iecc(_dot_)com]
Sure, but now we're perilously close to saying that all
mailing lists have to upgrade or the DKIM replay detector
will whack them, which strikes me as a total non-starter.
That tells me that a replay detector won't be useful because
of all the false positives.
How is that different from telling folk they must DKIM their email or
the spam filter will whack 'em?
This is not what people who are in the spam control business are
looking for, they already have systems that solve 90% of
spam problems
and they want to add authentication because it shuts down
many of the
tactics used in the remaining 10%.
Sounds about right to me.
When I design a system I don't just make it work for me and my company.
I try to make it work for as many groups as I can, even competitors in
some cases. Delivering the maximum possible value to effort ratio is the
aim.
I have a feeling that some folk are so focused on the 80/20 rule here
that they are failing to accept the fact that maybe they are actually
imposing a 50/50 cut and leaving an important 30% of low hanging fruit
functionality on the table.