On 5/26/10 2:23 PM, Michael Thomas wrote: > >> I don't know of a way to do that which doesn't require a trust > >> relationship with the mail list provider. If you have such a > >> relationship then it's relatively trivial to just not bother with > >> ADSP checks for mail from such lists. > >> > >> I'm left not knowing what advantage there would be from a more > >> complex standardized approach. > Right, and where I have problems is that I doubt that most admins > have any clue whatsoever which lists their users subscribe to. Some > certainly have policies which may inform them (= don't do it), but > beyond that this sounds somewhere close to an impossible task.
Domains that assert ADSP "all" or "discardable" are assisting recipients who might be inundated with messages spoofing their From domain. This assistance can be extended by also indicating which employed third-party service may benefit from Author Domain signature exceptions. Every increase in the number of sources granted a policy exception represents an increased opportunity for exploitation. For example, specific authorizations of communications via mailing lists run by standard's organizations, or NGOs, would offer recipients far better security, than would resorting to unlimited numbers of different email domains having undefined authentication polices. While much can be said for reputation services, they are not good at preventing abuse from otherwise reputable sources. An authorization scheme for ADSP greatly reduces a domain's exposure within an environment seeing a growing diversity of abuse. Importantly, a DKIM specific authorization scheme places the burden of retaining trust on the sender, where it belongs. If you agree with this, stop kvetching. :^) No one requires senders to defend their recipients. Allowing ADSP to be more comprehensive with a simple and deterministic authorization mechanism, enables greater use and provide a stronger rationale for employing these policies. -Doug "The significant problems we face cannot be solved at the same level of thinking we were at when we created them." "Make everything as simple as possible, but not simpler." -- *Albert Einstein* _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
