On 4/24/14 11:27 AM, Terry Zink wrote: > Correct me if I am wrong, but I think that there are significant differences > between now and when ADSP was being investigated: > > 1. DKIM has much more prevalence in 2014 than it did in 2006, so requiring it > today isn't as big an obstacle. ADSP is published by the same domains that are deploying DKIM, so the overall prevalence of DKIM isn't a factor. > 2. DKIM doesn't tie the d= signature field to the 5322.From: address. So, you > can DKIM-sign all you want and add authorized third party signatures all you > want. But if the From: address is different than what was authenticated, then > the end user won't understand the difference. But ADSP does tie the d= signature to the 5322.From domain, by virtue of the fact that only signatures where d= matches the 5322.From domain match are considered "author domain" signatures. > > 3. DMARC is basically an anti-phishing technology, whereas while DKIM + ADSP > can do that, it doesn't do it as well. It's less intuitive to end users. And > because DMARC is better for anti-phishing, I would guess that's why it has > much better traction that ADSP ever could. Speaking for a large(ish) email > provider, DKIM is good but stopping phishing is better.
I'd like to understand why DMARC is "better for anti-phishing". But let's not turn this into a DMARC-vs-ADSP argument. And in either case, it shouldn't be intuitive to end users; it shouldn't even be visible to them. -Jim _______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc
