On Thu, 15 Oct 2009 16:19:36 +0100, John Levine <[email protected]> wrote:
>>> No, ADSP adds the ability for senders to make unverified assertions >>> about their signing practices. Unless you already have some >>> knowledge about the domain, you have no idea whether it would be >>> useful to believe it. > >> On the contrary, it adds the ability for domain owners to make those >> asertions. Assuming that the domain owner has control of his own DNS >> records, those assertions are as reliable as the reputation of the >> relevant Domain Registrar (you can argue about how reliable that is, >> if you wish). > > Huh? Maybe things are different where you live, but in this part of > the world, registrars like Godaddy have millions of customers and know > nothing more about them than that their credit card charge for $8 was > approved. It's hard to imagine how anyone could think that a > registrar would know anything at all about its customers mailing > practices. I think you have missed the point. A malicious registrar might add/change an ADSP record, contrary to the instructions of the domain owner who is paying him. But I doubt Godaddy is that malicious. Generally speaking, if you see an ADSP resord, you can be 99.9% sure that it is there on the instructions of the domain owner, and therefore does not require further verification. -- Charles H. Lindsey ---------At Home, doing my own thing------------------------ Tel: +44 161 436 6131 Web: http://www.cs.man.ac.uk/~chl Email: [email protected] snail: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K. PGP: 2C15F1A9 Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5 _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
