John Levine writes: > I wouldn't waste time worrying about whether various hacks might make > it 0.0001% easier to phish people.
Will you please stop focusing on *your* logic, and start thinking about what happens if people with different interpretations of the facts take action on those interpretations? *I* am not really worried about 0.0001% easier to phish (although I think my "2%" is a more accurate estimate). What I worry about is "what if Yahoo! and AOL think ...". We already know that they think differently from us. They are desperate and grasping at straws, as far as I can see. The whole SPF-ADDoS-DKIM-DMARC path shows that they are unwilling to bite the bullet of the obvious (and obviously correct) solution: proper per-author digital signatures by default. DMARC, as far as I can see (and have previously argued), is a good optimization for corporate authors, where users of a mailbox in a domain are delegates of the corporate owner of the domain. Where that is not true, it sucks for a whole slew of reasons, yet AOL and Yahoo! are trying to apply it. _______________________________________________ Mailman-Developers mailing list Mailman-Developers@python.org https://mail.python.org/mailman/listinfo/mailman-developers Mailman FAQ: http://wiki.list.org/x/AgA3 Searchable Archives: http://www.mail-archive.com/mailman-developers%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-developers/archive%40jab.org Security Policy: http://wiki.list.org/x/QIA9