12. I haven't tweaked anything. Assuming my reading of the
configuration files is correct, spamassassin is querying ADSP for
incoming mail, and applying a positive bump to the spamminess score
when a message comes from a domain with dkim=all, and a bigger bump for
dkim=discardable. This
--On 26 May 2010 11:48:53 -0700 Michael Thomas m...@mtcc.com wrote:
Perhaps I'm missing something. I'm working with the mental model
that the underlying problem ADSP advocates would like to address
is phishing or brand protection, as they're the only concrete problems
I've seen mentioned.
--On 26 May 2010 14:00:54 -0700 Steve Atkins st...@wordtothewise.com
wrote:
Given that, it's not something that will provide any benefit once ADSP is
deployed - maybe just the opposite, as it will effectively neuter the
approach you're currently using. You may win the battle of preventing
--On 27 May 2010 21:57:54 -0400 John R. Levine jo...@iecc.com wrote:
We have had ADSP deployed since the week before the February MAAWG
meeting. I just asked our infrastructure guru to do a quick check and
we are seeing about a million ADSP look-up's per day at this point.
That's a good
On 6/2/2010 4:08 AM, Ian Eiloart wrote:
--On 26 May 2010 14:00:54 -0700 Steve Atkinsst...@wordtothewise.com
wrote:
You may win the battle of preventing use
of the string paypal.com in the non-displayed part of the From: field,
yet lose the war of protecting your users from phishers.
--On 27 May 2010 14:57:06 -0700 Steve Atkins st...@wordtothewise.com
wrote:
On May 27, 2010, at 2:22 PM, Steve Atkins thinkoed:
Legitimate email from paypal:
72% rejected by ADSP
28% not rejected
Phishing emails using paypal in the From line:
39% rejected by ADSP
61%
--On 28 May 2010 13:26:28 -0700 Dave CROCKER d...@dcrocker.net wrote:
On 5/28/2010 12:07 PM, Jeff Macdonald wrote:
But I'd like to see if I understand the difference your are trying to
highlight between a manually maintained list and a self published
list.
There is a key semantic
That's a good start. Now we need to figure out some way to find out
who's doing those lookups, and what they're doing with them.
It should be fairly easy to figure out how many unique IP addresses are doing
the lookups, and give some view of the distribution. And then not too hard to
On 6/2/2010 4:46 AM, Ian Eiloart wrote:
--On 28 May 2010 13:26:28 -0700 Dave CROCKERd...@dcrocker.net wrote:
On 5/28/2010 12:07 PM, Jeff Macdonald wrote:
But I'd like to see if I understand the difference your are trying to
highlight between a manually maintained list and a self published
Similarly, with ADSP you don't have to rely on published information, and
when information is published, you don't have to guess whether the
publisher is competent. You can maintain your own list of domains that you
trust to get ADSP right, and use standard software to apply that judgement.
--On 2 June 2010 08:35:56 -0400 John R. Levine jo...@iecc.com wrote:
There's ADSP code in Spamassassin for anyone who wants it. They suggest
that you configure it to ignore actual ADSP and hard code a handful of
domains such as paypal.com and ebay.com.
Why not do both? Look up, and log
-Original Message-
From: ietf-dkim-boun...@mipassoc.org [mailto:ietf-dkim-
boun...@mipassoc.org] On Behalf Of John Levine
Sent: Wednesday, June 02, 2010 9:21 AM
To: ietf-dkim@mipassoc.org
Subject: Re: [ietf-dkim] list vs contributor signatures, was Wrong
Discussion
snip
On 6/2/2010 6:33 AM, MH Michael Hammer (5304) wrote:
It's really quite simple.
This is the crux of the disparity of views.
Those of use who note that none of this is simple worry about adoption and
success barriers, noting that new services have a long and problematic history
and that more
On Jun 2, 2010, at 4:50 AM, Ian Eiloart wrote:
--On 27 May 2010 14:57:06 -0700 Steve Atkins st...@wordtothewise.com wrote:
Legitimate email from paypal:
72% rejected by ADSP
28% not rejected
Phishing emails using paypal in the From line:
39% rejected by ADSP
61% not
On 6/2/2010 9:12 AM, MH Michael Hammer (5304) wrote:
For shame Dave. Taking one sentence out of context is something I would
not have expected from you.
After all this time, I am glad to hear that I can still surprise you...
FWIW I took it out of context entirely knowingly. Frankly, I
John Levine jo...@iecc.com wrote:
Similarly, with ADSP you don't have to rely on published information, and
when information is published, you don't have to guess whether the
publisher is competent. You can maintain your own list of domains that you
trust to get ADSP right, and use standard
Well, you'd process that mail as if... there were no ADSP policy because...
there's no ADSP policy.
I guess I agree, since I would use a credible manually maintained
list and ignore the ADSP whether or not there was any.
R's,
John
___
NOTE WELL:
On May 28, 2010, at 12:01 AM, Steve Atkins wrote:
1. Do we want to reduce the DKIM broken signature rate or do we want to make
ADSP less vulnerable to it. Or both, I guess.
I think both of those objectives are of interest.
2. If we want to reduce the DKIM broken signature rate, do we
On May 28, 2010, at 1:08 AM, Steve Atkins wrote:
Paypal is rather a special case, as they actively register
many, many domains in a lot of TLDs that contain the word
paypal or some misspelling of it, both proactively and in
response to enforcement. I didn't consider those domains
as
On 06/02/2010 11:41 AM, Steve Atkins wrote:
Fourth, as I mentioned above, even if all you said was valid, registering
thousands of domains in order to make ADSP sort-of work against phishing
isn't something that scales, either in terms of domain name system nor the
expense. If ADSP requires
vs contributor signatures, was Wrong
Discussion
snip
Here's a thought experiment: let's say you have your list of domains
that are known to be phish targets that sign their mail, so you drop
unsigned mail, and they all happen to publish ADSP. Someone's ADSP
record goes away
On May 28, 2010, at 12:28 AM, Steve Atkins wrote:
On May 27, 2010, at 9:15 PM, John Levine wrote:
On the other hand, John and Steve expect that the benefits PayPal is
seeing in thwarted phishing messages will be short-lived, as phishers
just change domain names, and send out just as many
In terms of public information, we are in production with DKIM
verification/blocking today with two mailbox providers. We'd like to be in
production with say... two hundred by some near-term date certain. Hence the
need for ADSP.
This is a non-sequitur, but we've been through it before
On Jun 2, 2010, at 2:41 PM, Steve Atkins wrote:
On Jun 2, 2010, at 10:59 AM, Brett McDowell wrote:
On May 28, 2010, at 1:08 AM, Steve Atkins wrote:
Paypal is rather a special case, as they actively register
many, many domains in a lot of TLDs that contain the word
paypal or some
On May 28, 2010, at 12:15 AM, John Levine wrote:
On the other hand, John and Steve expect that the benefits PayPal is
seeing in thwarted phishing messages will be short-lived, as phishers
just change domain names, and send out just as many messages as
before, fooling just as many recipients
-Original Message-
From: ietf-dkim-boun...@mipassoc.org [mailto:ietf-dkim-
boun...@mipassoc.org] On Behalf Of Michael Thomas
Sent: Wednesday, June 02, 2010 3:07 PM
To: Steve Atkins
Cc: DKIM List
Subject: Re: [ietf-dkim] list vs contributor signatures, was Wrong
Discussion
On May 28, 2010, at 12:14 AM, John Levine wrote:
So I understand your line of reasoning. But today, I believe ADSP can
provide a benefit. Brett has data that supports that.
Once again, we have a pernicious confusion between manually maintained
drop lists and ADSP.
Brett has data that
On Jun 2, 2010, at 3:26 PM, John R. Levine wrote:
Recent experience suggests that they often don't.
Can you name someone with ADSP experience who doesn't understand what it
means?
Not to pick on you specifically, since there are multiple examples, but I'd
say that domains that publish
On 6/2/2010 11:29 AM, Brett McDowell wrote:
ADSP seems to mean one thing to pundits and something else to the people
actually using it. Who is right?
Recent experience suggests that they often don't.
Can you name someone with ADSP experience who doesn't understand what it
means?
Since
If the domain or subdomain involved has enduser (at all) accounts then
it is likely a poor candidate for ADSP DISCARDABLE. ADSP DISCARDABLE
should be used for domains that are subject to high levels of abuse and
are used primarily for transactional or marketing email and where the
mail flows
-Original Message-
From: John R. Levine [mailto:jo...@iecc.com]
Sent: Wednesday, June 02, 2010 3:38 PM
To: MH Michael Hammer (5304)
Cc: DKIM List
Subject: RE: [ietf-dkim] list vs contributor signatures, was Wrong
Discussion
I can't help myself. This image of John sitting
-Original Message-
From: ietf-dkim-boun...@mipassoc.org [mailto:ietf-dkim-
boun...@mipassoc.org] On Behalf Of Dave CROCKER
Sent: Wednesday, June 02, 2010 3:48 PM
To: Brett McDowell
Cc: ietf-dkim@mipassoc.org
Subject: Re: [ietf-dkim] list vs contributor signatures, was Wrong
On 6/2/2010 12:58 PM, MH Michael Hammer (5304) wrote:
Since we've been seeing reports of breakage due to using ADSP records for
domains that are not under sufficient control, it is clear that some
fraction of the ADSP-using world does not understand what it is for, or at
least what its
-Original Message-
From: ietf-dkim-boun...@mipassoc.org [mailto:ietf-dkim-
boun...@mipassoc.org] On Behalf Of Brett McDowell
Sent: Wednesday, June 02, 2010 3:46 PM
To: John R. Levine
Cc: DKIM List
Subject: Re: [ietf-dkim] list vs contributor signatures, was Wrong
Discussion
-Original Message-
From: MH Michael Hammer (5304)
Sent: Wednesday, June 02, 2010 4:21 PM
To: 'Brett McDowell'; John R. Levine
Cc: DKIM List
Subject: RE: [ietf-dkim] list vs contributor signatures, was Wrong
Discussion
Actually, IETF has been somewhat mild compared
On 6/2/2010 1:21 PM, MH Michael Hammer (5304) wrote:
Actually, IETF has been somewhat mild compared to MARIDG.
Narrower topic. Smaller group.
Made it a lot easier to be selective with the attacks...
d/
--
Dave Crocker
Brandenburg InternetWorking
bbiw.net
-Original Message-
From: Dave CROCKER [mailto:d...@dcrocker.net]
Sent: Wednesday, June 02, 2010 4:06 PM
To: MH Michael Hammer (5304)
Cc: ietf-dkim@mipassoc.org
Subject: Re: [ietf-dkim] list vs contributor signatures, was Wrong
Discussion
On 6/2/2010 12:58 PM, MH Michael
-Original Message-
From: Dave CROCKER [mailto:d...@dcrocker.net]
Sent: Wednesday, June 02, 2010 4:26 PM
To: MH Michael Hammer (5304)
Cc: DKIM List
Subject: Re: [ietf-dkim] list vs contributor signatures, was Wrong
Discussion
On 6/2/2010 1:21 PM, MH Michael Hammer (5304
On Jun 2, 2010, at 12:28 PM, Brett McDowell wrote:
On Jun 2, 2010, at 2:41 PM, Steve Atkins wrote:
Second...
steve$ host -t txt _adsp._domainkey.paypal.net
_adsp._domainkey.paypal.net has no TXT record
steve$ host -t txt paypal.net
paypal.net has no TXT record
... I
On Jun 2, 2010, at 4:05 PM, Dave CROCKER wrote:
If proponents want simply to keep automatically saying that things are great
and
keep automatically rejecting any counter-points, then I'm not clear what the
purpose of these discussions is.
If opponents want simply to keep automatically
On Jun 2, 2010, at 4:36 PM, MH Michael Hammer (5304) wrote:
So, is this a discussion about a BCP for MLMs or is this a discussion
about revisiting the ADSP spec? The course of the discussion really
depends on what the consensus is.
Let's break these up. Murray tried and I think succeeded to
Michael Hammer (5304) wrote:
-Original Message-
From: ietf-dkim-boun...@mipassoc.org [mailto:ietf-dkim-
boun...@mipassoc.org] On Behalf Of Brett McDowell
Sent: Wednesday, June 02, 2010 3:46 PM
To: John R. Levine
Cc: DKIM List
Subject: Re: [ietf-dkim] list vs contributor signatures
wakes up
MH Michael Hammer (5304) wrote:
I'm still waiting for someone to produce use numbers (of domains) for
ADSP. Just out of curiosity, what number do we have to reach to hit the
technical term massive? Somehow I doubt that in it's current
incarnation ADSP will ever have massive
...
1. Do we want to reduce the DKIM broken signature rate or do we want to
make ADSP less vulnerable to it. Or both, I guess.
2. If we want to reduce the DKIM broken signature rate, do we need to
rework DKIM at all, or do we need to make operational recommendations to
the generator and
On 5/27/10 9:01 PM, Steve Atkins wrote:
There are, I think, two problems that are intrinsic to the use of ADSP in the
context of mitigating phishing email.
One underlying problem is that ADSP is based on the inverse of an
intentionally unreliable positive assertion (DKIM). That maps the
On May 27, 2010, at 10:02 PM, Scott Kitterman wrote:
...
1. Do we want to reduce the DKIM broken signature rate or do we want to
make ADSP less vulnerable to it. Or both, I guess.
2. If we want to reduce the DKIM broken signature rate, do we need to
rework DKIM at all, or do we need to
Hi Brett,
[feel free to follow up off-list]
At 12:36 27-05-10, Brett McDowell wrote:
It would probably help me if you folks could send me questions
(probably off-list as I'm not sure how relevant this is to the WG
scope) that I can use as a guide for exactly how to wrangle our data
into a
On 27/May/10 20:45, Douglas Otis wrote:
To better answer Steve's criticisms on phishing, our company among
others, offers browser plugins for web mail and popular email
applications that annotate messages using corporate icons.
Yes, perhaps a favicon would get more adoption than, say,
On Fri, May 28, 2010 at 12:14 AM, John Levine jo...@iecc.com wrote:
So I understand your line of reasoning. But today, I believe ADSP can
provide a benefit. Brett has data that supports that.
Once again, we have a pernicious confusion between manually maintained
drop lists and ADSP.
Brett has
But I'd like to see if I understand the difference your are trying to
highlight between a manually maintained list and a self published
list. Manually, there is confidence in understanding the
ramifications. Self published (ADSP) there is no assurance in the
understanding of the
On Fri, May 28, 2010 at 2:32 PM, John R. Levine jo...@iecc.com wrote:
But I'd like to see if I understand the difference your are trying to
highlight between a manually maintained list and a self published
list. Manually, there is confidence in understanding the
ramifications. Self published
On 5/28/10 9:24 AM, Alessandro Vesely wrote:
I agree ADSP currently leaves much to be desired. It deserves
completion. (DKIM itself is in a similar situation, since it is still
not MIME-compliant. A somewhat embarrassing circumstance for a
protocol designed not to break forwarding.)
Major
On 5/28/2010 12:07 PM, Jeff Macdonald wrote:
But I'd like to see if I understand the difference your are trying to
highlight between a manually maintained list and a self published
list.
There is a key semantic difference which, I believe, makes for a key difference
in utility.
In a
In past discussions there had been an expressed concern that the
number of domains/companies who send notifications and are phish
targets is very low, but I would counter that it is not low at all.
The question is low compared to what. There are probably thousands,
maybe tens of thousands of
On Fri, May 28, 2010 at 3:34 PM, John Levine jo...@iecc.com wrote:
In past discussions there had been an expressed concern that the
number of domains/companies who send notifications and are phish
targets is very low, but I would counter that it is not low at all.
The question is low compared to
On 5/28/10 2:09 PM, Al Iverson wrote:
On Fri, May 28, 2010 at 3:34 PM, John Levinejo...@iecc.com wrote:
In past discussions there had been an expressed concern that the
number of domains/companies who send notifications and are phish
targets is very low, but I would counter that it is
Dave CROCKER wrote:
On 5/28/2010 12:07 PM, Jeff Macdonald wrote:
But I'd like to see if I understand the difference your are trying to
highlight between a manually maintained list and a self published
list.
There is a key semantic difference which, I believe, makes for a key
On 5/28/10 2:24 PM, Rolf E. Sonneveld wrote:
Dave CROCKER wrote:
On 5/28/2010 12:07 PM, Jeff Macdonald wrote:
But I'd like to see if I understand the difference your are trying to
highlight between a manually maintained list and a self published
list.
There is a key
I thought I had. Remember that business about 100 million phishing
attacks being blocked (DKIM alone would not have delivered that... it
was our policy assertion and the acceptance to act on that policy
assertion that made this happen)?
Right. But then there is the utterly unwarranted leap to
Steve Atkins and I have explained why that's utterly implausible enough
times that anyone who's interested can easily find it in the list
archives.
With all due respect, the two of you don't constitute consensus,
and I don't think abruptly stifling legitimate debate like this
serves the
On 5/26/10 8:28 PM, Steve Atkins wrote:
So it says nothing about the threat it's supposed to thwart. Without that
there's no possibility of creating an attack tree. And without that, there's
no possibility of doing any security analysis on any proposal. And ADSP
is (I think) primarily a
Since these are all rhetorical questions, let's cut to the chase:
do you believe John, who never believed in ADSP and has repeatedly said
that he hope it fails, and who has a microscopic amount of deployment
experience if any at all. Or do we believe Brett/paypal that ADSP is
providing benefit
do you believe John, who never believed in ADSP and has repeatedly said
that he hope it fails, and who has a microscopic amount of deployment
experience if any at all. Or do we believe Brett/paypal that ADSP is
providing benefit *today* in the form of 100's of millions of thwarted
phishes,
On 05/27/2010 07:05 AM, Barry Leiba wrote:
do you believe John, who never believed in ADSP and has repeatedly said
that he hope it fails, and who has a microscopic amount of deployment
experience if any at all. Or do we believe Brett/paypal that ADSP is
providing benefit *today* in the form of
On Wed, May 26, 2010 at 11:28 PM, Steve Atkins st...@wordtothewise.com wrote:
So what actual operational problem does it attempt to solve? A byte
sequence in an email header field that's commonly not shown to the
user is not an operational problem. It might be a middle point in a
line of
On 5/27/10 7:53 AM, Jeff Macdonald wrote:
So I understand your line of reasoning. But today, I believe ADSP can
provide a benefit. Brett has data that supports that. It may have a
limited lifetime. But I don't think this will be the only RFC that has
a limited lifetime in the transition to an
On May 27, 2010, at 10:39 AM, Michael Thomas wrote:
The problem with the cross examination that John and Steve are trying
to perform is that the witnesses are under no obligation to respond. And,
quite reasonably, they don't.
I appreciate the support, but I didn't want to leave anyone with
On May 27, 2010, at 10:05 AM, Barry Leiba wrote:
do you believe John, who never believed in ADSP and has repeatedly said
that he hope it fails, and who has a microscopic amount of deployment
experience if any at all. Or do we believe Brett/paypal that ADSP is
providing benefit *today* in the
On May 27, 2010, at 1:25 AM, Steve Atkins wrote:
On May 26, 2010, at 9:24 PM, SM wrote:
At 11:20 26-05-10, Murray S. Kucherawy wrote:
I've written code implementing all of this stuff, but I've never run
it in an operational environment of the size or nature that Brett
does. So I want
On May 26, 2010, at 11:28 PM, Steve Atkins wrote:
I'm pretty sure that ADSP as-is is a bad tool to solve any particular problem.
But given it's not being proposed to solve any concrete problem, it's
hard to discuss whether there's a better solution.
Are you deliberately ignoring the data I
On May 26, 2010, at 5:00 PM, Steve Atkins wrote:
On May 26, 2010, at 12:46 PM, Brett McDowell wrote:
Paypal is claiming an operational benefit, but haven't actually
demonstrated that ADSP either provides that benefit, nor that
those benefits can't be provided in a significantly cheaper
On May 27, 2010, at 3:41 PM, Dave CROCKER wrote:
More than expecting to, we are actively working on deployments with parties
interested in opting-in to this open, standards-based, authenticated email
ecosystem. Unfortunately for the sake of this debate, I cannot disclose who
just yet.
On 5/27/2010 1:30 PM, Brett McDowell wrote:
On May 27, 2010, at 3:41 PM, Dave CROCKER wrote:
A problem, here, is that you are using that citation as a kind of proof of
the correctness of your position, but we do not have access to the data to
make an independent assessment.
It was offered
On May 27, 2010, at 12:46 PM, Brett McDowell wrote:
On May 26, 2010, at 11:28 PM, Steve Atkins wrote:
I'm pretty sure that ADSP as-is is a bad tool to solve any particular
problem.
But given it's not being proposed to solve any concrete problem, it's
hard to discuss whether there's a
On May 27, 2010, at 2:22 PM, Steve Atkins thinkoed:
Legitimate email from paypal:
72% rejected by ADSP
28% not rejected
Phishing emails using paypal in the From line:
39% rejected by ADSP
61% rejected.
That should be
Legitimate email from paypal:
72% rejected by
I must have missed an email or something... what's the context for and/or
source of this data?
On May 27, 2010, at 5:57 PM, Steve Atkins wrote:
On May 27, 2010, at 2:22 PM, Steve Atkins thinkoed:
Legitimate email from paypal:
72% rejected by ADSP
28% not rejected
Phishing
(disregard previous, I did miss this message Steve... I have the context now...
a few comments below)
On May 27, 2010, at 5:22 PM, Steve Atkins wrote:
On May 27, 2010, at 12:46 PM, Brett McDowell wrote:
On May 26, 2010, at 11:28 PM, Steve Atkins wrote:
I'm pretty sure that ADSP as-is
On 5/27/10 4:14 PM, Brett McDowell wrote:
I think DKIM is a Good Thing that should be widely deployed. ADSP is
broken in many respects, and because it's tied to DKIMs mindshare
that brokenness deters DKIM adoption. So I believe that ADSP needs
to be fixed or it needs to be allowed to
We have had ADSP deployed since the week before the February MAAWG meeting.
I just asked our infrastructure guru to do a quick check and we are seeing
about a million ADSP look-up's per day at this point.
That's a good start. Now we need to figure out some way to find out who's
doing
Steve Atkins st...@wordtothewise.com wrote:
On May 27, 2010, at 2:22 PM, Steve Atkins thinkoed:
Legitimate email from paypal:
72% rejected by ADSP
28% not rejected
Phishing emails using paypal in the From line:
39% rejected by ADSP
61% rejected.
That should be
Brett McDowell brett.mcdow...@me.com wrote:
...
As a newbie to this list, I have to say I agree. This has been a far less
collegial debate than what I'm used to. That said, I may be guilty of
reciprocating, and if anyone feels they have been on the receiving end of
such, I apologize.
...
I
On May 27, 2010, at 7:38 PM, Scott Kitterman wrote:
Steve Atkins st...@wordtothewise.com wrote:
That should be
Legitimate email from paypal:
72% rejected by ADSP
28% not rejected
Phishing emails using paypal in the From line:
39% rejected by ADSP
61% not rejected.
Steve Atkins st...@wordtothewise.com wrote:
On May 27, 2010, at 7:38 PM, Scott Kitterman wrote:
Steve Atkins st...@wordtothewise.com wrote:
That should be
Legitimate email from paypal:
72% rejected by ADSP
28% not rejected
Phishing emails using paypal in the From line:
On May 27, 2010, at 7:39 PM, Scott Kitterman wrote:
Brett McDowell brett.mcdow...@me.com wrote:
...
As a newbie to this list, I have to say I agree. This has been a far less
collegial debate than what I'm used to. That said, I may be guilty of
reciprocating, and if anyone feels they
On 5/27/2010 2:22 PM, Steve Atkins wrote:
I'll write up the methodology in a little more detail, but out of my sample
eager to see the method description. not lots of detail, just the gist of what
criteria created each of the 4 values.
the initial data is:
Legitimate email from paypal:
So I understand your line of reasoning. But today, I believe ADSP can
provide a benefit. Brett has data that supports that.
Once again, we have a pernicious confusion between manually maintained
drop lists and ADSP.
Brett has data that supports the former, not the latter.
R's,
John
On the other hand, John and Steve expect that the benefits PayPal is
seeing in thwarted phishing messages will be short-lived, as phishers
just change domain names, and send out just as many messages as
before, fooling just as many recipients into thinking they're from
PayPal.
Actually, that's
On May 27, 2010, at 9:15 PM, John Levine wrote:
On the other hand, John and Steve expect that the benefits PayPal is
seeing in thwarted phishing messages will be short-lived, as phishers
just change domain names, and send out just as many messages as
before, fooling just as many recipients
On May 27, 2010, at 9:03 PM, Dave CROCKER wrote:
On 5/27/2010 2:22 PM, Steve Atkins wrote:
I'll write up the methodology in a little more detail, but out of my sample
eager to see the method description. not lots of detail, just the gist of
what
criteria created each of the 4
On 05/27/2010 09:14 PM, John Levine wrote:
So I understand your line of reasoning. But today, I believe ADSP can
provide a benefit. Brett has data that supports that.
Once again, we have a pernicious confusion between manually maintained
drop lists and ADSP.
Brett has data that supports the
--On 25 May 2010 16:03:23 -0700 Steve Atkins st...@wordtothewise.com
wrote:
If ADSP is not there to prevent fraudulent use of your brand, what
is it for?
The problem is with the word prevent. At best ADSP can mitigate the risk.
It says nothing about what a competitor might print on a
-Original Message-
From: ietf-dkim-boun...@mipassoc.org [mailto:ietf-dkim-
boun...@mipassoc.org] On Behalf Of Steve Atkins
Sent: Tuesday, May 25, 2010 7:03 PM
To: DKIM List
Subject: Re: [ietf-dkim] list vs contributor signatures, was Wrong
Discussion
On May 25, 2010, at 3:38
Atkins
Sent: Tuesday, May 25, 2010 7:03 PM
To: DKIM List
Subject: Re: [ietf-dkim] list vs contributor signatures, was Wrong
Discussion
On May 25, 2010, at 3:38 PM, Brett McDowell wrote:
On May 10, 2010, at 3:09 PM, Steve Atkins wrote:
On May 10, 2010, at 11:59 AM, John R. Levine wrote
On May 25, 2010, at 7:03 PM, Steve Atkins wrote:
On May 25, 2010, at 3:38 PM, Brett McDowell wrote:
On May 10, 2010, at 3:09 PM, Steve Atkins wrote:
On May 10, 2010, at 11:59 AM, John R. Levine wrote:
Apart from ADSP rules, a broken signature must be treated as if there was
no
Problem = phishing
Utility = just one sender + two mailbox providers have blocked over
100 million phishing attacks, many of those blocks also resulted in
site take-downs.
The value of what we already have from your efforts in IETF is HUGE
for consumer protection.
I believe this is a big win
On 05/26/2010 08:55 AM, John Levine wrote:
Problem = phishing
Utility = just one sender + two mailbox providers have blocked over
100 million phishing attacks, many of those blocks also resulted in
site take-downs.
The value of what we already have from your efforts in IETF is HUGE
for
I respectfully disagree with you.
We *were* a special case. Soon we will not be a special case because ADSP will
enable all mailbox providers, if they choose, to do for others what they have
historically done for us. That's the big win that only ADSP could ever enable.
Apparently such an
We *were* a special case. Soon we will not be a special case because
ADSP will enable all mailbox providers, if they choose, to do for others
what they have historically done for us.
Steve Atkins and I have explained why that's utterly implausible enough
times that anyone who's interested
On May 26, 2010, at 9:14 AM, Brett McDowell wrote:
I respectfully disagree with you.
We *were* a special case. Soon we will not be a special case because ADSP
will enable all mailbox providers, if they choose, to do for others what they
have historically done for us. That's the big
On 05/26/2010 09:58 AM, Steve Atkins wrote:
On May 26, 2010, at 9:14 AM, Brett McDowell wrote:
I respectfully disagree with you.
We *were* a special case. Soon we will not be a special case because ADSP
will enable all mailbox providers, if they choose, to do for others what
they have
1 - 100 of 187 matches
Mail list logo
