RE: Replay attacks and ISP business models

["Hallam-Baker, Phillip" <pbaker@xxxxxxxxxxxx>]

> From: John R Levine [mailto:johnl@xxxxxxxx] 

> Sure, but now we're perilously close to saying that all 
> mailing lists have to upgrade or the DKIM replay detector 
> will whack them, which strikes me as a total non-starter.  
> That tells me that a replay detector won't be useful because 
> of all the false positives.

How is that different from telling folk they must DKIM their email or
the spam filter will whack 'em?


> > This is not what people who are in the spam control business are 
> > looking for, they already have systems that solve 90% of 
> spam problems 
> > and they want to add authentication because it shuts down 
> many of the 
> > tactics used in the remaining 10%.
> 
> Sounds about right to me.

When I design a system I don't just make it work for me and my company.
I try to make it work for as many groups as I can, even competitors in
some cases. Delivering the maximum possible value to effort ratio is the
aim.

I have a feeling that some folk are so focused on the 80/20 rule here
that they are failing to accept the fact that maybe they are actually
imposing a 50/50 cut and leaving an important 30% of low hanging fruit
functionality on the table.