ietf-asrg
[Top] [All Lists]

Re: [Asrg] The state of the email system

2008-11-17 11:56:01


DKIM is not intended to reduce spam.

And yet so many have written articles to the contrary, including wikipedia. (search DKIM spam)

Since DKIM is intended to identify the sender, to ensure sent email is legit and hasn't been forged, then it would reduce spam if all senders did this because reputation matters. For one thing, sending spam is illegal in many areas, so having proof a spam is yours would not be good from a legal defense perspective. Second, blacklisting with provably bad senders would be be more useful than some of the "random proof" blacklisting that goes on today.

Yes, if you are infected by a spambot, you will send signed spam. But if I can prove your system is sending spam, it may be easier and quicker to get resolution to clean that system. When most spam forges the sender, you can't complain to the purported sender that they are sending spam as it's not clear. Furthermore, if your computer is "willfully neglected" and sends out such spam despite notices, you'll get blacklisted, perhaps held accountable as a spammer under the law, and if ISPs don't knock off such abusing users, they will get blacklisted or perhaps held accountable, too.

With clear identification, spam and virus sending will go down in my opinion, regardless of whether that's the intent of a given technology.

Of course, like all such solutions, the real key is to get receiving systems to start demanding such security be in place to accept email. Step 1 is to get senders to use it, to be sure, since you need a good base of senders before anybody would block on the receiving end, but spam won't stop until step 2 is done, which is to block unless the sender is so identified.

David


_______________________________________________
Asrg mailing list
Asrg(_at_)irtf(_dot_)org
https://www.irtf.org/mailman/listinfo/asrg