>Similarly, with ADSP you don't have to rely on published information, and >when information is published, you don't have to guess whether the >publisher is competent. You can maintain your own list of domains that you >trust to get ADSP right, and use standard software to apply that judgement.
Manual drop lists are a fine idea, but what do they have to do with ADSP? >1. Code reuse: Although you may choose to maintain your drop list, you >don't have to write software for your MTA, you can just configure it. I'm happy to reuse the manual drop code in Spamassassin. I still don't see what it has to do with ADSP. >2. Discoverability: You can find out from ADSP publications that the sender >cares about this stuff. OK, it's still a leap to add them to your drop >list, but you do at least have somewhere to start. Here's a thought experiment: let's say you have your list of domains that are known to be phish targets that sign their mail, so you drop unsigned mail, and they all happen to publish ADSP. Someone's ADSP record goes away. Is it more likely that they've stopped signing their mail, or that their ADSP record is temporarily messed up? Why? R's, John _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html