On 6/22/10 11:40 AM, [email protected] wrote: > adsp is an assertion by a sender. John's list is a reputation of the sender's > adsp assertions (WAG) > On Jun 22, 2010, at 2:29 PM, Michael Thomas wrote: > The vbr scheme will not help to mitigate a phishing problem, since it allows the "authentication" of any number of other domains. As such, it will not help deal with ADSP issues caused by mailing lists either.
The discard vbr represents roughly the same feature as ADSP dkim=discardable, but introduces other types of "authentication/" Allowing more ways to authenticate might allow a small number of emails to be delivered that might have been rejected when a signature is damaged in transport, but this is unlikely, and unlikely to help with mailing lists. Path registration schemes largely depend upon the treatment of headers and parameters holding domains other than the Author Domain. Any domain that uses VBR and a provider handling many other domains might confront a problem caused by treating _authorization_ as being "authentication." Just because something is authorized, does not mean that its origination has been authenticated. In an era where many legitimate accounts are being compromised, DKIM provides a margin of safety where servers commonly carry email for many different domains. The additional protection afforded by DKIM is lost when depending upon discard vbr. :^( -Doug _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
