On Thu, Dec 10, 2015 at 12:32:14PM +0000, Arnt Gulbrandsen wrote:
We don't know everything about how spam filters work. But IMO we
don't need to, because we know that: 1) all of the big four use
machine learning and feed everything they can into their machine
(whatever "can" means in each case) 2) there are some things about
the details they are not willing to disclose.
We know other things but really, it's enough: If the human ops at
the four biggest sites don't know the ultimate details of what their
spam filters are doing, and might not be permitted to describe it
even if they knew, then investigating the interoperability of any
proposal with current practice is intractable.
I think it's fair to assume every bit of the email headers (and body) is
used by spam filters in one way or another. I have anecdotal evidence of
spam filters detecting a campaign based on something as tiny as an extra
space in one of the headers.
But I don't think that's a good reason not to remove certain headers
and/or remove parts of some of them that potentially contain privacy
sensitive information. The real question is: would spam filters still be
able to do a good enough job if we removed these things?
I think the RG/WG/EG could ultimately lead to some kind of BCP that says
something like: to comply with this BCP document you MUST sign your
emails with DKIM and follow other good practices and then you MAY remove
internal routes and other information from the email headers. You SHOULD
add a cryptographic blob to identify customers and add a mechanism to
Of course, we're a long way away from reaching such a conclusion, and
perhaps we never will. But I think we may; hence I think it's worth the
effort (and time, and money).
My personal motivation is that I care about privacy (fundamental human
right, etc.) and that I think some easy and harmless improvements can be
made in email. But I also think that as privacy has become a hot topic,
there is a chance that individual organisations are going to be slagged
off for revealing too much in their headers. A BCP could help them make
the right changes, rather than remove headers or parts thereof at
Description: Digital signature
ietf-smtp mailing list