We really need a FAQ for this group. >> Simply publishing an ADSP record does not change this fact. ADSP can >> perhaps be used productively for specific signers and verifiers, but it >> does not work for all legitimate scenarios. >> > What does work for all legitimate scenarios?
Short answer: nothing. Slightly longer answer: the problem with ADSP is that, based on my limited but I think credible statistics, most people who publish ADSP don't know what it means, so blindly following ADSP advice from random domains is more likely to discard real mail than phishes. There certainly are some domains that sign all their mail, don't mix individual with transactional mail, and are phish targets. Paypal.com is the standard example. Competently maintained lists of those domains would provide useful advice for discarding likely phishes. Back in June I wrote draft-levine-dbr-00, which describes Denounce-By-Reference, a simple way to publish such lists in the DNS. Anyone want to move it along? Regards, John Levine, [email protected], Primary Perpetrator of "The Internet for Dummies", Please consider the environment before reading this e-mail. http://jl.ly _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
