spf-discuss

Re: Opening Debate on SPF vs. SenderKeys

2004-08-20 17:20:52

Here you are evaluating SenderKeys in terms of the authority's algorithm
for when to auto-respond.  What you assume is that for example, AccuSpam
is blacklisting individual addresses, which is not the case.  AccuSpam
is counting the disapproval vs. approval ratio for a domain, then if it
is a spammer domain (one that sends > 99% spam from a probabilistic
metric ... not pure ratio), then it blacklists the entire spammer domain
(e.g. gooddeals.com, a001.com, etc).  The statistics theory prevents
blacklisting of domains that send some non-spam.

So here we are talking about a commercially available blacklist/whitelist.
And how many of these are available for senderkeys?


I never said SenderKeys will cover every sender that SPF or others can cover.  
I have stated clearly that they are to some degree complementary.  So if you do 
not ever get enticed to become SenderKeys compatible, then perhaps it means to 
you (personal decision) SenderKeys is not something you need.

There is no way any one (even you) can answer your question, because it would 
be like asking how many domains supported SPF before SPF was released and 
promoted.

Last I saw SPF has like 7000+ known domains and AccuSpam already has processed 
over 100,000 spams, probably at least 30,000 of them forged senders, so 
SenderKeys could spread very fast even if only AccuSpam, because we already 
have approx 100 users (changes hourly) in first month of release...



And what are the costs of using them?


AccuSpam is free as one example.


And is the MUA plug-in/patch free?

Last time I checked most major email MUAs on Windows at least are free (Outlook 
Express, Eudora free version, etc).

I do not know why MUA vendors would support other desired new protocols for 
free in past and not SenderKeys.  If SenderKeys really stops forgery, and users 
want it, then I would expect demand = supply as always in economics.

Let me turn the question back on you.

How much will it cost for 1 million personal domains to each individually 
configure SPF DNS, educate, upgrade and configure their MUAs for SMTP AUTH, 
etc... as necessary to support "-all" for their domains??


Given a message with a missing SenderKeys signature, SenderKeys will pass
the message to the "authority" (AccuSpam or spamassassin, perhaps) and the
authority will use whatever additional heuristics it chooses.  If the
message has an invalid or incorrect signature, SenderKeys will presumably
block the message (bounce, drop, whatever the user wants at that point).


Hang on - I thought the "authority" only holds lists of those domains
without senderkeys,


The SenderKeys authority only holds the list of domains *WITH* SenderKeys, and a 
list of pending private keys that are being aged if not activated.

Above I think he was using authority interchangeably with verifier, because in 
many cases (AccuSpam) they might be the same entity, but not necessarily or 
always.


and challenges the mail address on that domain to get
their senderkey setup before the mail will get to the recipient.


No, no.

The decision about when to require anti-forgery check is the discretion of the 
recipient and the anti-spam algorithm the recipient chooses.  Just as it is 
without SenderKeys.

I am suggesting that most anti-spam systems will use some intelligence such as 
white or blacklist to know when it needs to suspect forgery.  It is possible 
that an authority will be completely ignorant of such additional data and 
entice for SenderKeys whenever it is not present, but this does not equate 
with not delivering the email if SenderKeys is not present, just as we deliver 
email which does not have an SPF record.



If the "authority" actually does the spam filtering it might well be taking out
stuff I actually want, etc.  Spam to you might be ham to me ;-)


No, only the anti-spam system of the recipient will decide when to apply SPF, 
SenderKeys, and any other algorithm.  Yes, some anti-spam systems generate false 
positives, but this has nothing to do with SenderKeys.  AccuSpam does not 
generate false positives and will continue not to, with SPF and/or SenderKeys.


You are getting me (and others) confused about the difference between
AccuSpam and SenderKeys.

SenderKeys is a mechanism - AccuSpam is the paid-for service you have to
subscribe to, to use it ;-)


Actually the basic AccuSpam is free.  There is a paid version with extra 
features such as better proxy, more storage for deleted emails, etc..

I can understand why SenderKeys is getting confused with AccuSpam.

Just think of SenderKeys as:

1. Authority is made aware that an email does not contain a SenderKeys header.  
Authority sends private key enticement to sender (hopefully the sender's MUA is 
SenderKeys-aware).

2. Then the sender is SenderKeys enabled.

Simple.



I am very happy to elaborate if you can please appeal to the list to
reinstate me.  I have turned off my auto-responder.

I've noticed - but your brief and inglorious career on the mail-list was of
your own making.  It's a pity you didn't introduce us to the mechanism and
leave the red-herring of accuspam out of it - even though that will be your
paycheck if the system ever gets going.


Is Pobox.com not mentioned with SPF?

Last I looked the official url is:

http://spf.pobox.com


Get yourself a mail-list and we might continue the discussion there...

No problem.  If you do not feel this discussion of how SPF and SenderKeys can 
complement each other is helpful to SPF then I will leave.

Just stop responding and I will not have anything to respond to.  Then I can 
get some sleep.  Thanks.

Yes SenderKeys will need a Forum also.  Actually AccuSpam already has a Forum 
and you are welcome to post there instead of SPF forum if you are serious about 
moving the discussion.

Thanks,
Shelby