On November 15, 2016 10:53:19 AM CST, Martijn Grooten
<martijn(_at_)lapsedordinary(_dot_)net> wrote:
On Mon, Nov 14, 2016 at 07:42:16AM -0500, Scott Kitterman wrote:
OK. Ultimately, "don't sign spam" has got to be the solution or
reputation is
going to suffer, so I think they are going to have to eventually bite
the
bullet and fix it.
I think you underestimate how difficult it is to detect spam in cases
like this. Good spam, from a spammer's point of view, looks like
legitimate email, except that it's sent in bulk, or links to some bad
site (malware/phishing), or has a malicious attachment. The attachment
aside, none of this has to be present when the first instance of the
email is sent (and signed). And even detecting new malware isn't as
trivial as it may sound.
Not at all. As I understand the scenario, the provider knows it's bad, doesn't
send the mail on to the outside world, but still gives a signed copy back to
the originator (which is then available for replay).
Given that scenario, they've already done the hard part.
All the protocol solutions being discussed have huge negative implications for
email. I've yet to see a proposal I think should be implemented (my suggestion
about a now DMARC policy option still seems the least bad to me, but I don't
particularly like it).
Scott K
Scott K
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html