Let me clarify it. 

From a deterministic protocol standpoint, depending only on base signing 
analysis has no payoff, i.e. no filtering is legitimately possible with high 
confidence and zero/low false positives.

What is left is non-deterministic, heuristic, classification Bayesian scoring, 
learning, "fuzzy, neural net, expert system" and similar AI-like logic 
methods, including SA-like methods.  Sure, you can learn from weighting 
indeterminate results.  But it's not deterministic, not 1 nor 0, but in 
between. Not yes/no, but maybe. 

I agree this method was always possible, and expected it in order to deal with 
these unknown "in-between" results, the ones that result from relaxed or no 
policies.  The only real issue with this method is that it's not shareable.  It 
could not be a network persistent and consistent protocol method unless there 
was a centralized repository concept/service everyone can check with similar 
results.  If a site depends on such a method, then the sites that do not sign up 
for this central reputation lookup service will become targets.  It has long 
been shown that bad guys do target "weaker" sites especially when it's well 
known a common reputation method doesn't exist in practice for everyone to use. 
The DNS-based author domain defined policy is the only common approach we have 
now. 

--
Hector Santos
http://www.santronics.com

> On Jun 19, 2014, at 2:45 PM, "Murray S. Kucherawy" <superu...@gmail.com> 
> wrote:
> 
>> On Thu, Jun 19, 2014 at 11:15 AM, Hector Santos <hsan...@isdg.net> wrote:
>> While DKIM-BASE tried to clean up this separation of the author domain 
>> policy, it could not because of all the past existing ADSP or SSP references 
>> in the many DKIM related RFCs, see RFC6376, section 1.1.   But conceptually, 
>> it didn't matter what you called it.  It was an author domain signing policy 
>> protocol and today, it's called DMARC.   DKIM has no payoff with just base 
>> signing analysis. It was separated but with all the intentions of sticking 
>> secondary author policy and signer trust layers on it before a payoff was 
>> realized.
> 
> There are reputation systems -- I built one, and I know others exist -- that 
> use DKIM as the identifier on which reputation is built, and they've been 
> effective in experimental environments at identifying what's good and what's 
> outside of "good".
> 
> The difference here is between active and passive determination of what's 
> good and what's not good.  If you want active, I agree that DKIM by itself 
> isn't enough.  But I disagree, with evidence, that DKIM "has no payoff with 
> just base signing analysis".
> 
> If that's not convincing enough, consider that IP reputation has been largely 
> successful, and the input to such systems is a verified identifier, which is 
> the same class of output DKIM provides.
> 
> -MSK
> _______________________________________________
> dmarc mailing list
> dmarc@ietf.org
> https://www.ietf.org/mailman/listinfo/dmarc