On Fri, May 28, 2010 at 2:32 PM, John R. Levine <[email protected]> wrote: >> But I'd like to see if I understand the difference your are trying to >> highlight between a manually maintained list and a self published >> list. Manually, there is confidence in understanding the >> ramifications. Self published (ADSP) there is no assurance in the >> understanding of the ramifications. Therefore the data collected from >> one method is not applicable to the other? The end result (discarding) >> would somehow end up different? > > The discarding would be the same, but the mail that got discarded would be > different. In particular, from the point of view of my mail users, the > cost of losing a real notification from Paypal is low, since all the info > is on their web site, and the value of dropping an unsigned message is > high since it is (give or take Steve's numbers) likely to be a phish. > > For random domain X that is not a phish target and sends mail that is not > notifications, the cost of losing a real message is high, since it was > probably a message with real content, and the value of dropping an > unsigned message is low, since it's most likely a real message that got > its signature broken somehow.
OK, there's a question right there worth fleshing out. Is ADSP's primary benefit only for domains used to send notifications? Certainly that's the source of my desire for the ability to utilize ADSP. So if that's the only stated value, and it's clearly stated that this is all that ADSP does, then I still like it. I still want it. In past discussions there had been an expressed concern that the number of domains/companies who send notifications and are phish targets is very low, but I would counter that it is not low at all. My employer has financial institutions of all sizes as clients, from the very small to the very large, and I certainly do observe phishing attempts of the smaller ones. For these situations, I want to be able to utilize ADSP, even knowing that it is not compatible with forwarding or mailing lists. Regards, Al Iverson _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
