ietf

Re: Likely DKIM endgame

2006-01-04 12:42:46
Dave Crocker <dcrocker(_at_)bbiw(_dot_)net> writes:
The basic value proposition of any sender authentication system as an
input to filtering is that it lets you increase the sensitivity of the
filters, while still obtaining an acceptable overall false positive
rate.

Nicely said.  (And, by the way, I agree with the statement.)


  Imagine that without sender auth, your filters have a false
positive rate of P and a false negative rate of N. With sender auth,
some fraction of those false positives will be eliminated, letting you
dial up the sensitivity of the filter. If we assume that the sender
authentication is perfect, then we get the following:
                      Message Authenticated
                      Yes           No
False positive        0             P' (P' > P)
False negatives       0             N' (N' < N)
But this makes it even more attractive for the good senders to
authenticate their messages (because otherwise they stand a higher
chance of being rejected) which means that the receivers can increase
the sensitivity of their filters, and so on.
So, at the end of the
day, if something like DKIM is successful, I would expect an
equilibrium where filters are set extremely high and nearly all good
senders authenticate their messages because otherwise they stand
an unacceptably high chance of having them rejected.

I am less certain of "expect" than I am of "hope for".

In any event, that is quite different from *requiring* everyone to
sign, or automatically rejecting all unsigned mail.  Yet these are
what you were putting forward.

I don't know what you mean by "putting forward". Here's what I wrote:

   As I understand it the concern is that people who don't use DKIM
   will eventually not be able to send e-mail to people who are using
   it. I'm not sure that this is something that people should be
   concerned about, indeed, the logic of this kind of system is that
   if it succeeds that's exactly what will happen.

I guess it depends on how significant you think the difference between
"automatically rejecting all unsigned e-mail" and "unacceptably high
chance of having them rejected" is. My view is that it's more a
difference of degree than kind, but I apologize for speaking
imprecisely.


Further, as was pointed out at the BOF, the scenario you have described
is a voluntary community collaboration.  So if the outcome you
describe occurs, it will be because the community agrees that they
like that outcome.

This makes it really perplexing to view it as a problem.

And I didn't say it was a problem. Indeed, I said "I'm not sure that
this is something that people should be concerned about..."


-Ekr
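
An added illustration of the P' and N' table discussed in this message (not part of the original message or of anyone's post): it assumes a constructed Gaussian score model, perfect authentication as the table does, and a receiver who holds the overall loss of good mail at a fixed budget. The names operating_point, sweep, auth_fraction and fp_budget are hypothetical.

```python
from statistics import NormalDist

# Constructed score model (an assumption, not from the thread): the content
# filter scores each message, and a higher score means more spam-like.
HAM = NormalDist(mu=0.0, sigma=1.0)
SPAM = NormalDist(mu=2.5, sigma=1.0)


def operating_point(auth_fraction, fp_budget):
    """Return (threshold, P', N') for the unauthenticated column of the table.

    auth_fraction: share of good mail that is authenticated and therefore
                   accepted without content filtering (perfect authentication).
    fp_budget:     share of all good mail the receiver tolerates rejecting.
    """
    if not 0.0 <= auth_fraction < 1.0:
        raise ValueError("auth_fraction must be in [0, 1)")
    if not 0.0 < fp_budget < 1.0:
        raise ValueError("fp_budget must be in (0, 1)")
    # Only unauthenticated good mail can be a false positive, so the
    # per-message rate P' may rise to fp_budget / (1 - auth_fraction).
    p_prime = min(fp_budget / (1.0 - auth_fraction), 1.0)
    if p_prime >= 1.0:
        # The budget now covers every unauthenticated good message: the
        # filter can reject all unauthenticated mail and miss no spam.
        return float("-inf"), 1.0, 0.0
    threshold = HAM.inv_cdf(1.0 - p_prime)  # reject scores above this
    n_prime = SPAM.cdf(threshold)           # spam scoring below gets through
    return threshold, p_prime, n_prime


def sweep(fp_budget=0.01, fractions=(0.0, 0.5, 0.9, 0.995)):
    """Operating points as more good senders authenticate."""
    return [(a, *operating_point(a, fp_budget)) for a in fractions]


if __name__ == "__main__":
    for a, t, p, n in sweep():
        print(f"auth={a:.3f} threshold={t:6.2f} P'={p:.3f} N'={n:.3f}")
```

The last row of the sweep is the point where "unacceptably high chance of having them rejected" becomes rejection of all unauthenticated mail, reached without changing the receiver's overall false positive budget.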

