Dave Crocker <dcrocker@xxxxxxxx> writes: >> The basic value proposition of any sender authentication system as an >> input to filtering is that lets you increase the sensitivity of the >> filters, while still obtaining an acceptable overall false positive >> rate. > > Nicely said. (And, by the way, I agree with the statement.) > > > Imagine that without sender auth, your filters have a false >> positive rate of P and a false negative rate of N. With sender auth, >> some fraction of those false positives will be eliminated, letting you >> dial up the sensitivity of the filter. If we assume that the sender >> authentication is perfect, then we get the following: >> Message Authenticated >> Yes No False >> positive 0 P' (P' > P) False negatives 0 >> N' (N' < N) >> But this makes it even more attractive for the good senders to >> authenticate their messages (because otherwise they stand a higher >> chance of being rejected) which means that the receivers can increase >> the sensitivity of their filters, and so on. > > So, at the end of the >> day, if something like DKIM is successful, I would expect an >> equilibrium where filters are set extremely high and nearly all good >> senders authenticate their messages because otherwise they stand >> an unacceptably high chance of having them rejected. > > I am less certain of "expect" than I am of "hope for". > > In any event, that is quite different from *requiring* everyone to > sign, or automatically rejecting all unsigned mail. Yet these are > what you were putting forward. I don't know what you mean by "putting forward". Here's what I wrote: AS I understand it the concern is that people who don't use DKIM will eventually not be able to send e-mail to people who are using it. I'm not sure that this is something that people should be concerned about, indeed, the logic of this kind of system is that if it succeeds that's exactly what will happen. I guess it depends on how significant you think the difference between "automatically rejecting all unsigned e-mail" and "unacceptably high chance of having them rejected" is. My view is that it's more a difference of degree than kind, but I apologize for speaking imprecisely. > Further as was pointed out at the BOF, the scenario you have describe > is a voluntary community collaboration. So if the outcome you > describe occurs, it will be because the community agrees that they > like that outcome. > > This makes it really perplexing to view it as a problem. And I didn't say it was a problem. Indeed, I said "I'm not sure that this is something that people should be concerned about..." -Ekr _______________________________________________ Ietf@xxxxxxxx https://www1.ietf.org/mailman/listinfo/ietf