2020-09-27 14:24:51
On Sun, 27 Sep 2020, Ned Freed wrote:
And, from the standpoint of those large providers, the fight
against spam and other sorts of evil behavior would be ever so
much easier if they had only a handful of other providers to
work with s.t. anything not coming from one of them was suspect.
Of course, the way DMARC was developed and deployed might be
believed to reflect exactly that attitude.

Having been around while DMARC was being designed, I don't think that was even a little bit the plan. The goal was to deter phishing of major targets like PayPal. Then AOL and Yahoo abused it and it's been downhill from there.

We have a problem that I think is insoluble: there is a long tail of mail senders, most of the people in the tail don't know what they're doing, and spammers have made it impossible to give senders the benefit of the doubt. Given the prevalence and maliciousness of spam, much of which comes from compromised hosts whose nominal owners have no clue, if it doesn't look squeaky clean, it's probably malware.


