ietf-dkim
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [ietf-dkim] what do do with a signature, was detecting

2010-10-20 10:57:50
from [John R. Levine] [Permanent Link] 
[ I'm following this thread because it's related to advice in 4871 that we 
should probably remove from 4871bis ]


So you're saying that all a spammer has to do is to put on a throwaway
domain's signature, and the MUA will highlight at least parts of the
message with green goodness?  Surely our understanding of domain
reputation is better than that.


I believe that's the basis of this whole discussion, isn't it. The point is 
that the MUA tells you whether the header was signed, and leaves you to apply 
the domain or address reputation. I think that's a step forward. At least, it 
is when I know the purported author.


Hmmn.  You don't know the purported author, all you know is the actual 
signer.

We have a message offering you a job as an Internet Payment Processor. 
It's from recruitment(_at_)reliable-home-work(_dot_)com, and signed by 
reliable-home-work.com.  Do you paint it green and show it to your users? 
What if it was sent through gmail and had a google.com signature?  How 
many of your users even know what a money mule is?

I think that if you look through papers at CEAS and similar fora, you'll 
find that manual classification of mail is not particularly accurate, and 
is a huge waste of time.  Well tuned filters do at least as good a job 
with far less human effort, and the reasonable things for humans to do is 
to tell the filtering engine when it guessed wrong either explicitly, or 
implicitly by moving stuff between inbox and junk folder.


And, surely I'm better at assigning reputation to -say- my brother than 
any automated system is.


Given the number of spam complaints I get about on-topic messages to COI 
discussion lists, don't count on it.  And in any event, unless your 
brother is one of us weenies with his own vanity domain, his mail is going 
to be signed by his employer or his ISP, so he won't have his own 
mailstream reputation anyway.

Regards,
John Levine, johnl(_at_)iecc(_dot_)com, Primary Perpetrator of "The Internet 
for Dummies",
Please consider the environment before reading this e-mail. http://jl.ly
_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [ietf-dkim] detecting header mutations after signing, Ian Eiloart
Next by Date:  Re: [ietf-dkim] detecting header mutations after signing, Ian Eiloart
Previous by Thread:  Re: [ietf-dkim] detecting header mutations after signing, Ian Eiloart
Next by Thread:  Re: [ietf-dkim] what do do with a signature, was detecting, Ian Eiloart
Indexes:  [Date] [Thread] [Top] [All Lists]