"John Levine" <[email protected]> wrote:
>>Similarly, with ADSP you don't have to rely on published information, and >>when information is published, you don't have to guess whether the >>publisher is competent. You can maintain your own list of domains that you >>trust to get ADSP right, and use standard software to apply that judgement. > >Manual drop lists are a fine idea, but what do they have to do with ADSP? > >>1. Code reuse: Although you may choose to maintain your drop list, you >>don't have to write software for your MTA, you can just configure it. > >I'm happy to reuse the manual drop code in Spamassassin. I still don't >see what it has to do with ADSP. > >>2. Discoverability: You can find out from ADSP publications that the sender >>cares about this stuff. OK, it's still a leap to add them to your drop >>list, but you do at least have somewhere to start. > >Here's a thought experiment: let's say you have your list of domains >that are known to be phish targets that sign their mail, so you drop >unsigned mail, and they all happen to publish ADSP. Someone's ADSP >record goes away. Is it more likely that they've stopped signing >their mail, or that their ADSP record is temporarily messed up? Why? Or, I suspect most likely, they thought they were signing everything and then later something changed or they discovered they missed a piece of their infrastructure, so they've retracted the policy until they've corrected the problem. Scott K _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
