On May 28, 2010, at 12:28 AM, Steve Atkins wrote: > > On May 27, 2010, at 9:15 PM, John Levine wrote: > >>> On the other hand, John and Steve expect that the benefits PayPal is >>> seeing in thwarted phishing messages will be short-lived, as phishers >>> just change domain names, and send out just as many messages as >>> before, fooling just as many recipients into thinking they're from >>> PayPal. >> >> Actually, that's Steve. John sees utility in manual drop lists, but >> not in ADSP since there is no way to tell whether someone publishing >> ADSP understands what it means. Recent experience suggests that they >> often don't. > > It's not really my view either. I do think that there's some risk of manual > drop lists becoming less effective, but I also think that it's more a risk > than a certainty, and it's something that may be resolved by a couple > of smart engineers - as it's a flexible approach that can > be modified in response to opponent behaviour in days or hours. > > That flexibility (and lack of publication of the details) and direct > involvement of smart people in real time to maintain it are some of the > things that make the manual drop list approach much more viable > than a static, self-publication approach.
My problem with this position is that it seems to argue for proprietary one-off solutions vs. Internet standards for email authentication policy assertions. I would think that's a non-starter, especially for participants in this WG. _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
