[ this is also well trodden ground, so I will again try and keep this short ]
>> Short summary: DKIM and ADSP offer no meaningful defense against spoofing. > Shorter summary: The WG charter says there should be Yes, there was considerable naive optimism in the charter. We all agree that it would be great to have a scheme to spoof-proof mail. But ADSP isn't it, for the reasons we've all gone over, no matter how much we might wish that it were. >> * At this point, the only significant spoof targets that sign all >> their mail are Paypal and ebay. > > Who notably haven't deployed ADSP despite their strong business case. I can assure you that Paypal and eBay are quite aware of DKIM and ADSP, and I have personally heard them encourage ISPs to drop unsigned mail purporting to be from them due to the amount of forgery. Nonetheless, they don't publish ADSP. This tells me that I'm not the only one who thinks that there isn't a business case for ADSP. R's, John _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
