Re: [ietf-dkim] list vs contributor signatures, was Wrong Discussion

>12. I haven't tweaked anything. Assuming my reading of the >configuration files is correct, spamassassin is querying ADSP for >incoming mail, and applying a positive bump to the "spamminess" score >when a message comes from a domain with dkim=all, and a bigger bump for >dkim=discardable. Th

Re: [ietf-dkim] list vs contributor signatures, was Wrong Discussion

MH Michael Hammer (5304) wrote: > > I'm still waiting for someone to produce use numbers (of domains) for > ADSP. Just out of curiosity, what number do we have to reach to hit the > technical term "massive"? Somehow I doubt that in it's current > incarnation ADSP will ever have massive implementa

Re: [ietf-dkim] shared drop lists

> My problem with this position is that it seems to argue for > proprietary one-off solutions vs. Internet standards for email > authentication policy assertions. That's certainly a reasonable concern. I expect that if it turns out there are more discardable domains than Paypal, people would use

Re: [ietf-dkim] the danger of ADSP, was list vs contributor

> Instead of kvetching about ADSP, you might tell the list owners that >> their list software heuristics are broken. > > Oh, OK, that shouldn't be hard. Actually, I doubt it will be hard. The casualties of ADSP causing third party kicks causes the blame to laid where it deserves: the list software

Re: [ietf-dkim] list vs contributor signatures, was Wrong Discussion

havnt been keeping up with all of the threads so forgive me if I am repeating earlier arguments ADSP is crippled, intentionally so. Its usefulness is limited to financial transaction types of transactions that may well be easily duplicated with a whale lamp, quill and parchment rbl management. D

Re: [ietf-dkim] the danger of ADSP, was list vs contributor

>> The basic problem with ADSP is that we shipped an untested prototype, ... The problems with ADSP aren't just for lists, but whatever. >Instead of kvetching about ADSP, you might tell the list owners that >their list software heuristics are broken. Oh, OK, that shouldn't be hard. I'll get rig

[ietf-dkim] My discardable statistics

I've been saving the DKIM signatures on mail sent to my inbox for about the past year, so I did a little analysis on them. There's a total of 71,000 signed messages that got to the procmail delivery filter, signed by a total of 474 domains. I went through and looked up the ADSP records for all of

Re: [ietf-dkim] the danger of ADSP, was list vs contributor

On Jun 2, 2010, at 4:42 PM, John Levine wrote: >> This suggests attempting an exercise. The exercise is to try to document >> the >> boundaries for using ADSP. It requires being careful in describing failure >> scenarios and careful is assessing their likelihood. >> >> As for attempting car

Re: [ietf-dkim] list ADSP, was Lists "BCP" draft available

>> But I don't think it's clear that doing so would change anything at >> the recipients MX. As a concrete example, if two subscribers to a >> mailing list send mail to the list, one DKIM signed and one not, >> and the list then signs each message and sends it to the recipient, >> is there any reas

Re: [ietf-dkim] the danger of ADSP, was list vs contributor

>This suggests attempting an exercise. The exercise is to try to document the >boundaries for using ADSP. It requires being careful in describing failure >scenarios and careful is assessing their likelihood. > >As for attempting careful caveats so far, they are scattered around: > >

Re: [ietf-dkim] the danger of ADSP, was list vs contributor

On 06/02/2010 04:25 PM, Steve Atkins wrote: > > On Jun 2, 2010, at 4:10 PM, Michael Thomas wrote: > >> On 06/02/2010 03:47 PM, Douglas Otis wrote: >>> On 6/2/10 2:43 PM, Michael Thomas wrote: Instead of kvetching about ADSP, you might tell the list owners that their list software heuristi

Re: [ietf-dkim] the danger of ADSP, was list vs contributor

On Jun 2, 2010, at 4:10 PM, Michael Thomas wrote: > On 06/02/2010 03:47 PM, Douglas Otis wrote: >> On 6/2/10 2:43 PM, Michael Thomas wrote: >>> Instead of kvetching about ADSP, you might tell the list owners that their >>> list software heuristics are broken. >>> >> Mailing lists are on higher g

Re: [ietf-dkim] the danger of ADSP, was list vs contributor

On 06/02/2010 03:47 PM, Douglas Otis wrote: > On 6/2/10 2:43 PM, Michael Thomas wrote: >> Instead of kvetching about ADSP, you might tell the list owners that their >> list software heuristics are broken. >> > Mailing lists are on higher ground, since they are not introducing the > new mechanism.

Re: [ietf-dkim] the danger of ADSP, was list vs contributor

On 6/2/2010 3:36 PM, J.D. Falk wrote: >We always knew ADSP discardable wasn't appropriate > for domains with users who send messages to mailing lists, and is equally > inappropriate for all sorts of other legitimate uses of email. This suggests attempting an exercise. The exercise is to try

Re: [ietf-dkim] the danger of ADSP, was list vs contributor

On 6/2/10 2:43 PM, Michael Thomas wrote: > Instead of kvetching about ADSP, you might tell the list owners that their > list software heuristics are broken. > Michael, Mailing lists are on higher ground, since they are not introducing the new mechanism. ADSP is dealing with an issue signific

Re: [ietf-dkim] ADSP and Discardable (was Re: Lists "BCP" draft review)

> Also, there's documented precedent within the IETF. RFC 863 has a clear > definition: ... >> 2.3.6. Buffer and State Table ... > 5321 uses "discard" or "discarded" in other places, too. Well, one must always respect the lawyerly exercise of doing an audit to find precedent. But there's so

Re: [ietf-dkim] the danger of ADSP, was list vs contributor

On Jun 2, 2010, at 4:08 PM, Dave CROCKER wrote: > On 6/2/2010 2:58 PM, Murray S. Kucherawy wrote: >> If we all agree that that's a valid characterization of ADSP, I suggest we >> move to get it downgraded from Proposed Standard to Experimental. > > I don't recall seeing anything that looks like "

Re: [ietf-dkim] ADSP and Discardable (was Re: Lists "BCP" draft review)

On Jun 2, 2010, at 10:55 AM, John R. Levine wrote: >> My guess is that the phrase "the domain encourages the recipient(s) to >> discard it" is intended to refer to a silent discard. > > I don't think any of us expected the recipient to send a notification. I > certainly didn't, since the assum

[ietf-dkim] ADSP intent vs. usage (was Re: list vs contributor signatures, was Wrong Discussion)

On Jun 2, 2010, at 1:26 PM, John R. Levine wrote: >>> Recent experience suggests that they often don't. >> Can you name someone with ADSP experience who doesn't understand what it >> means? > > Not to pick on you specifically, since there are multiple examples, but > I'd say that domains that p

Re: [ietf-dkim] the danger of ADSP, was list vs contributor

> If we all agree that that's a valid characterization of ADSP, I suggest we > move to get it downgraded from Proposed Standard to Experimental. There's > certainly a lot of rhetoric suggesting it's an experiment that's in the > process of failing, though the experiment is also arguably not com

Re: [ietf-dkim] the danger of ADSP, was list vs contributor

> -Original Message- > From: ietf-dkim-boun...@mipassoc.org [mailto:ietf-dkim- > boun...@mipassoc.org] On Behalf Of Steve Atkins > Sent: Wednesday, June 02, 2010 3:07 PM > To: DKIM List > Subject: Re: [ietf-dkim] the danger of ADSP, was list vs contributor > > > At any rate, I'm happy to p

Re: [ietf-dkim] the danger of ADSP, was list vs contributor

On 6/2/2010 2:58 PM, Murray S. Kucherawy wrote: > If we all agree that that's a valid characterization of ADSP, I suggest we > move to get it downgraded from Proposed Standard to Experimental. I don't recall seeing anything that looks like "we all agree" on such a point. That some do is fine,bu

Re: [ietf-dkim] the danger of ADSP, was list vs contributor

On Jun 2, 2010, at 2:58 PM, Murray S. Kucherawy wrote: >> >> >> The basic problem with ADSP is that we shipped an untested prototype, >> and >> at this point the only way to test it is to try experiments and hope >> they >> don't do too much damage before we have a chance to tweak and mitigate >

Re: [ietf-dkim] the danger of ADSP, was list vs contributor

> -Original Message- > From: ietf-dkim-boun...@mipassoc.org [mailto:ietf-dkim-boun...@mipassoc.org] > On Behalf Of John R. Levine > Sent: Wednesday, June 02, 2010 2:11 PM > To: Brett McDowell > Cc: DKIM List > Subject: Re: [ietf-dkim] the danger of ADSP, was list vs contributor > > The ba

Re: [ietf-dkim] list vs contributor signatures, was Wrong Discussion

On Jun 2, 2010, at 4:36 PM, MH Michael Hammer (5304) wrote: > So, is this a discussion about a BCP for MLMs or is this a discussion > about revisiting the ADSP spec? The course of the discussion really > depends on what the consensus is. Let's break these up. Murray tried and I think succeeded

Re: [ietf-dkim] the danger of ADSP, was list vs contributor

On 06/02/2010 02:11 PM, John R. Levine wrote: > The basic problem with ADSP is that we shipped an untested prototype, and > at this point the only way to test it is to try experiments and hope they > don't do too much damage before we have a chance to tweak and mitigate the > problems. I appreciat

Re: [ietf-dkim] list vs contributor signatures, was Wrong Discussion

On Jun 2, 2010, at 4:05 PM, Dave CROCKER wrote: > If proponents want simply to keep automatically saying that things are great > and > keep automatically rejecting any counter-points, then I'm not clear what the > purpose of these discussions is. If opponents want simply to keep automatically

Re: [ietf-dkim] the danger of ADSP, was list vs contributor

> You'd call it malice to prioritize consumer protection over the a very > small population of employees being temporarily inconvenienced by having > some of their messages to mail lists delivered to SPAM and in some > corner cases, actually unsubscribed from lists... You're welcome to take wha

Re: [ietf-dkim] list vs contributor signatures, was Wrong Discussion

On Jun 2, 2010, at 12:28 PM, Brett McDowell wrote: > > On Jun 2, 2010, at 2:41 PM, Steve Atkins wrote: > >> >> Second... >> >> steve$ host -t txt _adsp._domainkey.paypal.net >> _adsp._domainkey.paypal.net has no TXT record >> steve$ host -t txt paypal.net >> paypal.net has no TXT

Re: [ietf-dkim] list vs contributor signatures, was Wrong Discussion

> -Original Message- > From: Dave CROCKER [mailto:d...@dcrocker.net] > Sent: Wednesday, June 02, 2010 4:26 PM > To: MH Michael Hammer (5304) > Cc: DKIM List > Subject: Re: [ietf-dkim] list vs contributor signatures, was Wrong > Discussion > > > > On 6/2/2010 1:21 PM, MH Michael Hammer

Re: [ietf-dkim] list vs contributor signatures, was Wrong Discussion

> -Original Message- > From: Dave CROCKER [mailto:d...@dcrocker.net] > Sent: Wednesday, June 02, 2010 4:06 PM > To: MH Michael Hammer (5304) > Cc: ietf-dkim@mipassoc.org > Subject: Re: [ietf-dkim] list vs contributor signatures, was Wrong > Discussion > > > > On 6/2/2010 12:58 PM, MH M

Re: [ietf-dkim] list vs contributor signatures, was Wrong Discussion

On 6/2/2010 1:21 PM, MH Michael Hammer (5304) wrote: > Actually, IETF has been somewhat mild compared to MARID. Narrower topic. Smaller group. Made it a lot easier to be selective with the attacks... d/ -- Dave Crocker Brandenburg InternetWorking bbiw.net

Re: [ietf-dkim] list vs contributor signatures, was Wrong Discussion

> -Original Message- > From: MH Michael Hammer (5304) > Sent: Wednesday, June 02, 2010 4:21 PM > To: 'Brett McDowell'; John R. Levine > Cc: DKIM List > Subject: RE: [ietf-dkim] list vs contributor signatures, was Wrong > Discussion > > > > > Actually, IETF has been somewhat mild compa

Re: [ietf-dkim] list vs contributor signatures, was Wrong Discussion

> -Original Message- > From: ietf-dkim-boun...@mipassoc.org [mailto:ietf-dkim- > boun...@mipassoc.org] On Behalf Of Brett McDowell > Sent: Wednesday, June 02, 2010 3:46 PM > To: John R. Levine > Cc: DKIM List > Subject: Re: [ietf-dkim] list vs contributor signatures, was Wrong > Discussio

Re: [ietf-dkim] list vs contributor signatures, was Wrong Discussion

On 6/2/2010 12:58 PM, MH Michael Hammer (5304) wrote: >> Since we've been seeing reports of breakage due to using ADSP records for >> domains that are not under sufficient control, it is clear that some >> fraction of the ADSP-using world does not understand what it is for, or at >> least what it

Re: [ietf-dkim] list vs contributor signatures, was Wrong Discussion

> -Original Message- > From: ietf-dkim-boun...@mipassoc.org [mailto:ietf-dkim- > boun...@mipassoc.org] On Behalf Of Dave CROCKER > Sent: Wednesday, June 02, 2010 3:48 PM > To: Brett McDowell > Cc: ietf-dkim@mipassoc.org > Subject: Re: [ietf-dkim] list vs contributor signatures, was Wrong

Re: [ietf-dkim] list vs contributor signatures, was Wrong Discussion

> -Original Message- > From: John R. Levine [mailto:jo...@iecc.com] > Sent: Wednesday, June 02, 2010 3:38 PM > To: MH Michael Hammer (5304) > Cc: DKIM List > Subject: RE: [ietf-dkim] list vs contributor signatures, was Wrong > Discussion > > > I can't help myself. This image of John sitt

Re: [ietf-dkim] list vs contributor signatures, was Wrong Discussion

> If the domain or subdomain involved has enduser (at all) accounts then > it is likely a poor candidate for ADSP "DISCARDABLE". ADSP "DISCARDABLE" > should be used for domains that are subject to high levels of abuse and > are used primarily for transactional or marketing email and where the > mai

Re: [ietf-dkim] list vs contributor signatures, was Wrong Discussion

On 6/2/2010 11:29 AM, Brett McDowell wrote: > ADSP seems to mean one thing to pundits and something else to the people > actually using it. Who is right? > >> Recent experience suggests that they often don't. > > Can you name someone with ADSP experience who doesn't understand what it > means?

Re: [ietf-dkim] list vs contributor signatures, was Wrong Discussion

On Jun 2, 2010, at 3:26 PM, John R. Levine wrote: >>> Recent experience suggests that they often don't. >> Can you name someone with ADSP experience who doesn't understand what it >> means? > > Not to pick on you specifically, since there are multiple examples, but I'd > say that domains that p

Re: [ietf-dkim] list vs contributor signatures, was Wrong Discussion

> -Original Message- > From: ietf-dkim-boun...@mipassoc.org [mailto:ietf-dkim- > boun...@mipassoc.org] On Behalf Of John R. Levine > Sent: Wednesday, June 02, 2010 3:26 PM > To: Brett McDowell > Cc: DKIM List > Subject: Re: [ietf-dkim] list vs contributor signatures, was Wrong > Discussio

Re: [ietf-dkim] list vs contributor signatures, was Wrong Discussion

> I can't help myself. This image of John sitting at a desk with his quill > and inkwell manually maintaining his credible list by the light of a > whale oil lamp keeps popping into my minds eye. How scalable is that > list John? If ye towne cryer dost distribute such a liste to manye and divers m

Re: [ietf-dkim] list vs contributor signatures, was Wrong Discussion

On May 28, 2010, at 12:14 AM, John Levine wrote: >> So I understand your line of reasoning. But today, I believe ADSP can >> provide a benefit. Brett has data that supports that. > > Once again, we have a pernicious confusion between manually maintained > drop lists and ADSP. > > Brett has data

Re: [ietf-dkim] list vs contributor signatures, was Wrong Discussion

> -Original Message- > From: ietf-dkim-boun...@mipassoc.org [mailto:ietf-dkim- > boun...@mipassoc.org] On Behalf Of Michael Thomas > Sent: Wednesday, June 02, 2010 3:07 PM > To: Steve Atkins > Cc: DKIM List > Subject: Re: [ietf-dkim] list vs contributor signatures, was Wrong > Discussion

Re: [ietf-dkim] list vs contributor signatures, was Wrong Discussion

On May 28, 2010, at 12:15 AM, John Levine wrote: >> On the other hand, John and Steve expect that the benefits PayPal is >> seeing in thwarted phishing messages will be short-lived, as phishers >> just change domain names, and send out just as many messages as >> before, fooling just as many recip

Re: [ietf-dkim] list vs contributor signatures, was Wrong Discussion

On Jun 2, 2010, at 2:41 PM, Steve Atkins wrote: > > On Jun 2, 2010, at 10:59 AM, Brett McDowell wrote: > >> On May 28, 2010, at 1:08 AM, Steve Atkins wrote: >> >>> Paypal is rather a special case, as they actively register >>> many, many domains in a lot of TLDs that contain the word >>> paypa

Re: [ietf-dkim] list vs contributor signatures, was Wrong Discussion

> In terms of public information, we are in production with DKIM > verification/blocking today with two mailbox providers. We'd like to be in > production with say... two hundred by some near-term date certain. Hence the > need for ADSP. This is a non-sequitur, but we've been through it befor

Re: [ietf-dkim] list vs contributor signatures, was Wrong Discussion

>> Recent experience suggests that they often don't. > Can you name someone with ADSP experience who doesn't understand what it > means? Not to pick on you specifically, since there are multiple examples, but I'd say that domains that publish dkim=discardable and who let their users subscribe a

Re: [ietf-dkim] list vs contributor signatures, was Wrong Discussion

On May 28, 2010, at 12:28 AM, Steve Atkins wrote: > > On May 27, 2010, at 9:15 PM, John Levine wrote: > >>> On the other hand, John and Steve expect that the benefits PayPal is >>> seeing in thwarted phishing messages will be short-lived, as phishers >>> just change domain names, and send out ju

Re: [ietf-dkim] ADSP and Discardable (was Re: Lists "BCP" draft review)

On 6/2/10 10:10 AM, Scott Kitterman wrote: > "Dave CROCKER" wrote: > > On 6/2/2010 8:08 AM, Al Iverson wrote: > >>> Agree. "Discard" and "silently discard" mean the same thing, in my >>> opinion. Though, I am guilty of using the phrase "silently discard." >>> Maybe in an attempt to be slightly

Re: [ietf-dkim] list vs contributor signatures, was Wrong Discussion

On Jun 2, 2010, at 3:06 PM, Michael Thomas wrote: > On 06/02/2010 11:41 AM, Steve Atkins wrote: >> Fourth, as I mentioned above, even if all you said was valid, registering >> thousands of domains in order to make ADSP sort-of work against phishing >> isn't something that scales, either in term

Re: [ietf-dkim] list vs contributor signatures, was Wrong Discussion

On Jun 2, 2010, at 9:33 AM, MH Michael Hammer (5304) wrote: > > >> -Original Message- >> From: ietf-dkim-boun...@mipassoc.org [mailto:ietf-dkim- >> boun...@mipassoc.org] On Behalf Of John Levine >> Sent: Wednesday, June 02, 2010 9:21 AM >> To: ietf-dkim@mipassoc.org >> Subject: Re: [ietf

Re: [ietf-dkim] list vs contributor signatures, was Wrong Discussion

On 06/02/2010 11:41 AM, Steve Atkins wrote: > Fourth, as I mentioned above, even if all you said was valid, registering > thousands of domains in order to make ADSP sort-of work against phishing > isn't something that scales, either in terms of domain name system nor the > expense. If ADSP requi

Re: [ietf-dkim] list vs contributor signatures, was Wrong Discussion

On May 28, 2010, at 1:08 AM, Steve Atkins wrote: > Paypal is rather a special case, as they actively register > many, many domains in a lot of TLDs that contain the word > paypal or some misspelling of it, both proactively and in > response to enforcement. I didn't consider those domains > as trig

Re: [ietf-dkim] ADSP, was Lists "BCP" draft available

On May 26, 2010, at 12:59 PM, Steve Atkins wrote: > On May 26, 2010, at 7:45 AM, Brett McDowell wrote: > >> On May 25, 2010, at 8:43 PM, Scott Kitterman wrote: >> Like I said, "throw away anything that doesn't have our signature" has some chance of broad adoption. Every extra word yo

Re: [ietf-dkim] list vs contributor signatures, was Wrong Discussion

On May 28, 2010, at 12:01 AM, Steve Atkins wrote: > > 1. Do we want to reduce the DKIM broken signature rate or do we want to make > ADSP less vulnerable to it. Or both, I guess. I think both of those objectives are of interest. > > 2. If we want to reduce the DKIM broken signature rate, do

Re: [ietf-dkim] list vs contributor signatures, was Wrong Discussion

On Jun 2, 2010, at 10:59 AM, Brett McDowell wrote: > On May 28, 2010, at 1:08 AM, Steve Atkins wrote: > >> Paypal is rather a special case, as they actively register >> many, many domains in a lot of TLDs that contain the word >> paypal or some misspelling of it, both proactively and in >> respo

[ietf-dkim] MLM subject-tags - WAS: {Re: Lists "BCP" draft review}

Branching the discussion with regard to MLM subject tags. On Jun 1, 2010 at 18:43 -, John Levine wrote: => =>>> > "The content of MLM modification of the subject tag is effectively =>>> > replicating the List-ID value in a way visible to the recipient. This =>>> > behavior was motivated

Re: [ietf-dkim] list vs contributor signatures, was Wrong Discussion

> -Original Message- > From: John R. Levine [mailto:jo...@iecc.com] > Sent: Wednesday, June 02, 2010 2:25 PM > To: Brett McDowell > Cc: MH Michael Hammer (5304); ietf-dkim@mipassoc.org > Subject: Re: [ietf-dkim] list vs contributor signatures, was Wrong > Discussion > > > Well, you'd pro

Re: [ietf-dkim] list vs contributor signatures, was Wrong Discussion

> Well, you'd process that mail as if... there were no ADSP policy because... > there's no ADSP policy. I guess I agree, since I would use a credible manually maintained list and ignore the ADSP whether or not there was any. R's, John ___ NOTE WELL: T

Re: [ietf-dkim] ADSP and Discardable (was Re: Lists "BCP" draft review)

Scott Kitterman wrote: > "Dave CROCKER" wrote: > > >> On 6/2/2010 8:08 AM, Al Iverson wrote: >> >>> Agree. "Discard" and "silently discard" mean the same thing, in my >>> opinion. Though, I am guilty of using the phrase "silently discard." >>> Maybe in an attempt to be slightly over-specif

Re: [ietf-dkim] ADSP and Discardable (was Re: Lists "BCP" draft review)

"Dave CROCKER" wrote: > > >On 6/2/2010 8:08 AM, Al Iverson wrote: >> Agree. "Discard" and "silently discard" mean the same thing, in my >> opinion. Though, I am guilty of using the phrase "silently discard." >> Maybe in an attempt to be slightly over-specific. > > >I do not recall seeing a dict

Re: [ietf-dkim] ADSP and Discardable (was Re: Lists "BCP" draft review)

>> Your English is fine. "Discard" means throw away. > > And, to "silently discard" is to discard without informing anyone. It means, > for example, that you don't also generate a bounce message, or a notification > to the recipient. > > My guess is that the phrase "the domain encourages the rec

Re: [ietf-dkim] list vs contributor signatures, was Wrong Discussion

"John Levine" wrote: >>Similarly, with ADSP you don't have to rely on published information, and >>when information is published, you don't have to guess whether the >>publisher is competent. You can maintain your own list of domains that you >>trust to get ADSP right, and use standard softw

Re: [ietf-dkim] list vs contributor signatures, was Wrong Discussion

On 6/2/2010 9:12 AM, MH Michael Hammer (5304) wrote: > > For shame Dave. Taking one sentence out of context is something I would > not have expected from you. After all this time, I am glad to hear that I can still surprise you... FWIW I took it out of context entirely knowingly. Frankly, I wa

Re: [ietf-dkim] ADSP and Discardable (was Re: Lists "BCP" draft review)

On Jun 2, 2010, at 8:08 AM, Al Iverson wrote: > On Wed, Jun 2, 2010 at 9:48 AM, John R. Levine wrote: >>> given the recent discussions, it seems to me that people want to have a >>> definition of what 'discard' means in the context as described above. As a >>> non-native English speaker (or what

Re: [ietf-dkim] list vs contributor signatures, was Wrong Discussion

On Jun 2, 2010, at 4:50 AM, Ian Eiloart wrote: > > > --On 27 May 2010 14:57:06 -0700 Steve Atkins wrote: > >> >>> Legitimate email from paypal: >>> >>> 72% rejected by ADSP >>> 28% not rejected >>> >>> Phishing emails using "paypal" in the From line: >>> >>> 39% rejected by ADSP >>>

Re: [ietf-dkim] list vs contributor signatures, was Wrong Discussion

For shame Dave. Taking one sentence out of context is something I would not have expected from you. When I say "It is simple" in response to Johns artificially constructed hypothetical, this is not the sweeping statement of the universe you are trying to present it as. In Johns example he is try

Re: [ietf-dkim] ADSP and Discardable (was Re: Lists "BCP" draft review)

On 6/2/2010 8:50 AM, Al Iverson wrote: >> Taken on its own and without further technical specifications 'discard' does >> not direct, imply or request that the action be silent or noisy, and if >> noisy who gets to hear it. > > I'm perfectly fine with being more explicit, but I do think there's a

Re: [ietf-dkim] ADSP and Discardable (was Re: Lists "BCP" draft review)

--On 2 June 2010 10:48:03 -0400 "John R. Levine" wrote: >> given the recent discussions, it seems to me that people want to have a >> definition of what 'discard' means in the context as described above. As >> a non-native English speaker (or what's the right term?) I suppose (but >> am not s

Re: [ietf-dkim] ADSP and Discardable (was Re: Lists "BCP" draft review)

On Wed, Jun 2, 2010 at 10:43 AM, Dave CROCKER wrote: > On 6/2/2010 8:08 AM, Al Iverson wrote: >> >> Agree. "Discard" and "silently discard" mean the same thing, in my >> opinion. Though, I am guilty of using the phrase "silently discard." >> Maybe in an attempt to be slightly over-specific. > > >

Re: [ietf-dkim] list vs contributor signatures, was Wrong Discussion

On 6/2/2010 6:33 AM, MH Michael Hammer (5304) wrote: > It's really quite simple. This is the crux of the disparity of views. Those of use who note that none of this is simple worry about adoption and success barriers, noting that new services have a long and problematic history and that more

Re: [ietf-dkim] ADSP and Discardable (was Re: Lists "BCP" draft review)

On 6/2/2010 8:08 AM, Al Iverson wrote: > Agree. "Discard" and "silently discard" mean the same thing, in my > opinion. Though, I am guilty of using the phrase "silently discard." > Maybe in an attempt to be slightly over-specific. I do not recall seeing a dictionary or technical definition of "

Re: [ietf-dkim] ADSP and Discardable (was Re: Lists "BCP" draft review)

On Wed, Jun 2, 2010 at 9:48 AM, John R. Levine wrote: >> given the recent discussions, it seems to me that people want to have a >> definition of what 'discard' means in the context as described above. As a >> non-native English speaker (or what's the right term?) I suppose (but am not >> sure) th

Re: [ietf-dkim] ADSP and Discardable (was Re: Lists "BCP" draft review)

> given the recent discussions, it seems to me that people want to have a > definition of what 'discard' means in the context as described above. As a > non-native English speaker (or what's the right term?) I suppose (but am not > sure) the word 'discard' can have multiple meanings (apart from

Re: [ietf-dkim] list vs contributor signatures, was Wrong Discussion

> -Original Message- > From: ietf-dkim-boun...@mipassoc.org [mailto:ietf-dkim- > boun...@mipassoc.org] On Behalf Of John Levine > Sent: Wednesday, June 02, 2010 9:21 AM > To: ietf-dkim@mipassoc.org > Subject: Re: [ietf-dkim] list vs contributor signatures, was Wrong > Discussion > >

Re: [ietf-dkim] ADSP and Discardable (was Re: Lists "BCP" draft review)

John Levine wrote: Unfortunately, ADSP did not define what was meant by "discardable". We said: All mail from the domain is signed with an Author Domain Signature. Furthermore, if a message arrives without a valid Author Domain

Re: [ietf-dkim] list vs contributor signatures, was Wrong Discussion

--On 2 June 2010 08:35:56 -0400 "John R. Levine" wrote: > > There's ADSP code in Spamassassin for anyone who wants it. They suggest > that you configure it to ignore actual ADSP and hard code a handful of > domains such as paypal.com and ebay.com. > Why not do both? Look up, and log results f

Re: [ietf-dkim] list vs contributor signatures, was Wrong Discussion

>Similarly, with ADSP you don't have to rely on published information, and >when information is published, you don't have to guess whether the >publisher is competent. You can maintain your own list of domains that you >trust to get ADSP right, and use standard software to apply that judgement.

Re: [ietf-dkim] ADSP and Discardable (was Re: Lists "BCP" draft review)

>> Unfortunately, ADSP did not define what was meant by "discardable". We said: All mail from the domain is signed with an Author Domain Signature. Furthermore, if a message arrives without a valid Author Domain Signature due to modifi

Re: [ietf-dkim] list vs contributor signatures, was Wrong Discussion

On 6/2/2010 4:46 AM, Ian Eiloart wrote: > --On 28 May 2010 13:26:28 -0700 Dave CROCKER wrote: >> On 5/28/2010 12:07 PM, Jeff Macdonald wrote: >>> But I'd like to see if I understand the difference your are trying to >>> highlight between a manually maintained list and a self published >>> list.

Re: [ietf-dkim] list vs contributor signatures, was Wrong Discussion

>> That's a good start. Now we need to figure out some way to find out >> who's doing those lookups, and what they're doing with them. > > It should be fairly easy to figure out how many unique IP addresses are doing > the lookups, and give some view of the distribution. And then not too hard to

Re: [ietf-dkim] list vs contributor signatures, was Wrong Discussion

--On 26 May 2010 15:51:33 -0400 Brett McDowell wrote: > On May 26, 2010, at 1:42 PM, Steve Atkins wrote: > > I'm big on concrete examples. So how does your logical conclusion > deal with these two situations? > > $ host -t txt _adsp._domainkey.paypaI.me > _adsp._domainkey

Re: [ietf-dkim] list vs contributor signatures, was Wrong Discussion

--On 28 May 2010 13:26:28 -0700 Dave CROCKER wrote: > > On 5/28/2010 12:07 PM, Jeff Macdonald wrote: >> But I'd like to see if I understand the difference your are trying to >> highlight between a manually maintained list and a self published >> list. > > There is a key semantic difference whic

Re: [ietf-dkim] list vs contributor signatures, was Wrong Discussion

--On 27 May 2010 14:57:06 -0700 Steve Atkins wrote: > > On May 27, 2010, at 2:22 PM, Steve Atkins thinkoed: >> >> Legitimate email from paypal: >> >>72% rejected by ADSP >>28% not rejected >> >> Phishing emails using "paypal" in the From line: >> >>39% rejected by ADSP >>61% re

Re: [ietf-dkim] list vs contributor signatures, was Wrong Discussion

On 6/2/2010 4:08 AM, Ian Eiloart wrote: > --On 26 May 2010 14:00:54 -0700 Steve Atkins > wrote: >>You may win the battle of preventing use >> of the string "paypal.com" in the non-displayed part of the From: field, >> yet lose the war of protecting your users from phishers. > > There's no

Re: [ietf-dkim] list vs contributor signatures, was Wrong Discussion

--On 27 May 2010 21:57:54 -0400 "John R. Levine" wrote: >> We have had ADSP deployed since the week before the February MAAWG >> meeting. I just asked our infrastructure guru to do a quick check and >> we are seeing about a million ADSP look-up's per day at this point. > > That's a good start.

Re: [ietf-dkim] list vs contributor signatures, was Wrong Discussion

--On 26 May 2010 14:00:54 -0700 Steve Atkins wrote: > > Given that, it's not something that will provide any benefit once ADSP is > deployed - maybe just the opposite, as it will effectively neuter the > approach you're currently using. You may win the battle of preventing use > of the string

Re: [ietf-dkim] list vs contributor signatures, was Wrong Discussion

--On 26 May 2010 11:48:53 -0700 Michael Thomas wrote: > >> Perhaps I'm missing something. I'm working with the mental model >> that the underlying problem ADSP advocates would like to address >> is phishing or brand protection, as they're the only concrete problems >> I've seen mentioned. > > S

[ietf-dkim] ADSP and Discardable (was Re: Lists "BCP" draft review)

Douglas Otis wrote: > IIRC, Sendmail defined DISCARD in their Access Database Format, where to > override rejection, assert OK; to permit relaying, assert RELAY; to > always reject the message, assert REJECT; and to discard the message > completely, assert DISCARD. And the Postfix man page f