> But I'd like to see if I understand the difference your are trying to > highlight between a manually maintained list and a self published > list. Manually, there is confidence in understanding the > ramifications. Self published (ADSP) there is no assurance in the > understanding of the ramifications. Therefore the data collected from > one method is not applicable to the other? The end result (discarding) > would somehow end up different?
The discarding would be the same, but the mail that got discarded would be different. In particular, from the point of view of my mail users, the cost of losing a real notification from Paypal is low, since all the info is on their web site, and the value of dropping an unsigned message is high since it is (give or take Steve's numbers) likely to be a phish. For random domain X that is not a phish target and sends mail that is not notifications, the cost of losing a real message is high, since it was probably a message with real content, and the value of dropping an unsigned message is low, since it's most likely a real message that got its signature broken somehow. > John, is your manually maintained list done in co-operation with the > those in the list? To the extent that they are domains that I know are phish targets, send predominantly transactions, and have stated that they sign all their mail, yes. If you mean did I call them up and ask if I should put them in my drop list, no. R's, John _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html