John Levine writes:

> Mailing lists have been editing messages for 40 years, long before anyone
> ever thought of DKIM or DMARC. It is a well known DMARC failure that it
> doesn't work with mailing lists.

s/that it doesn't work with mailing lists//.
I'm struggling to identify some tangible value-added that DKIM/DMARC brings
to the table.
Ostensibly, these signatures prove that the mail really comes from the
domain it purported to come from.
Ok, that's cool, but what is the point?
I'm told that this is to block spam that forges others' domains.
Splendid, but I can't help but notice that spam that makes it past my spam
filters features a shiny signature more often than not.
Here's a small sample from today's batch. I've masked the domain to avoid
triggering someone's OCD's spam filter:

DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=[spam domain]
[blah blah blah]
From: "Mail-Admin courier-mta.com" <mailer-daemon@[spam domain]>
To: mrsam(_at_)courier-mta(_dot_)com

And here's one more:

DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; s=k1; d=[spam domain]
[blah blah blah]
DomainKey-Signature: a=rsa-sha1; c=nofws; q=dns; s=k1; d=[spam domain];
[two for the price of one]
Subject: Strange Liver-Hormone Helps You Burn Fat 20 Hoursa Day

It seems very obvious to me that DKIM/DMARC has been a complete failure,
even ignoring mailing list-related breakage.
They had some initial success, when they were a novelty. That changed as
soon as their implementations gained some foothold. Spam senders figured out
that spam filters are whitelisting signed domains. Therefore, all they have
to do is use their own domain, sign their spam, and they're whitelisted!
Pure comedy gold.
_______________________________________________
ietf-smtp mailing list
ietf-smtp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf-smtp
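
Added example, not part of the original post or of any project's code: a filter-side check that treats an aligned DKIM signature as an identity to look up in a local reputation list rather than as a reason to whitelist. It assumes the signatures were already cryptographically verified upstream; the sample messages, the domains and the `REPUTABLE` list are constructed placeholders, and alignment is simplified to exact or parent-domain match.

```python
import re
from email import message_from_string
from email.utils import parseaddr

def dkim_tags(value):
    """Parse a DKIM-Signature header value into its tag=value pairs."""
    tags = {}
    for part in value.split(";"):
        name, sep, val = part.partition("=")
        if sep:
            tags[name.strip()] = re.sub(r"\s+", "", val)  # drop folding whitespace
    return tags

def aligned(signing_domain, from_domain):
    """Simplified alignment: d= equals the From domain or is a parent of it."""
    return from_domain == signing_domain or from_domain.endswith("." + signing_domain)

def assess(raw, reputable):
    """Classify a message whose signatures an upstream verifier has already
    validated (assumption). `reputable` is a local reputation list."""
    msg = message_from_string(raw)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    sigs = [dkim_tags(v) for v in msg.get_all("DKIM-Signature", [])]
    domains = [s.get("d", "").lower() for s in sigs]
    hits = [d for d in domains if d and aligned(d, from_domain)]
    if not sigs:
        verdict = "unauthenticated"
    elif not hits:
        verdict = "unaligned"
    elif any(d in reputable for d in hits):
        verdict = "authenticated-trusted"
    else:
        verdict = "authenticated-no-reputation"  # signed, but identity alone earns nothing
    weak = any(s.get("a") == "rsa-sha1" for s in sigs)  # rsa-sha1 is deprecated by RFC 8301
    return {"from": from_domain, "signers": domains, "verdict": verdict, "weak_algo": weak}

# Constructed samples; every domain below is a placeholder.
BULK = ("DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; s=k1;\n"
        " d=bulk-sender.example; h=from:subject; bh=AAAA=; b=BBBB==\n"
        "From: \"Mail-Admin\" <mailer-daemon@bulk-sender.example>\n"
        "Subject: sample\n\nbody\n")
KNOWN = ("DKIM-Signature: v=1; a=rsa-sha256; d=partner.example; s=s1; bh=AAAA=; b=BBBB==\n"
         "From: Billing <billing@mail.partner.example>\n\nbody\n")
FORGED = ("DKIM-Signature: v=1; a=rsa-sha256; d=bulk-sender.example; s=k1; bh=AAAA=; b=BBBB==\n"
          "From: Billing <billing@partner.example>\n\nbody\n")
REPUTABLE = {"partner.example"}

if __name__ == "__main__":
    for name, raw in (("bulk", BULK), ("known", KNOWN), ("forged", FORGED)):
        print(name, assess(raw, REPUTABLE))
```

A production filter would determine alignment from the organizational domain (public suffix list) instead of the suffix comparison used here.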