invisibilldotnet wrote:
> > Okay, great, thanks for the info. I think I'm going to include that and
> > dnswl.org in the next update. For dnswl.org, when they report high or
> > medium trust level (and when SPF also passes), the extension will say
> > "High Trust" or "Medium Trust". I'm not sure what message to use for
> > Sender Score Certified. "Medium Trust"?
>
> I personally vote against this. I use this extension simply because
> all it does is SPF checking. If you want to turn it into a full-blown
> anti-spam solution, go ahead and add DNSWLs, and you might as well
> throw in DNSBLs too.

DNSBLs have been in the extension for a while now!

But, the goal of the extension is to provide a tool against phishing
(not a mere SPF checker), and while SPF gives you authentication, it
doesn't tell you whether the sender is trustworthy. I'm not adding these
because they help identify spam, but rather because they help identify
domains sending SPF-passing mail that are nevertheless malicious (domain
look-alikes, for instance). Whether white lists are actually helpful at
this is yet to be seen, but judging from the blacklists (SURBL and
Spamhaus), I expect it'll have *some* value.

As for whether DNSWLs are going to become vindictive and arbitrary ---
at that point, I can take them out of the extension. That's why I asked
the list about SSC. Until then, so long as they're useful for
identifying phishing, I think it's a plus to include.

But, yes, there will be an option. There is an existing option to turn
off the DNSRBL checks, and that option will be co-opted to turn on and
off all of the white list checks too.

--
- Josh Tauberer

http://razor.occams.info

"Yields falsehood when preceded by its quotation! Yields
falsehood when preceded by its quotation!" Achilles to
Tortoise (in "Gödel, Escher, Bach" by Douglas Hofstadter)