ietf-smtp

Re: [ietf-smtp] DKIM and DMARC, Email explained from first principles

2021-05-25 13:43:21
It appears that Sam Varshavchik <mrsam(_at_)courier-mta(_dot_)com> said:
> I should clarify this. I see that occasionally. But when it does, I seem to
> always end up moving my goalposts, and conclude that the mail provider
> itself is rogue, and made a business decision to go into the business of
> providing spam outsourcing services, with some non-spam mail services on the
> side. So I treat it as a bad mail source.

You and I do not run large mail systems.  The bigger you are, the less latitude
you have to punish senders (even places like Sendgrid that deserve it) if it
means also losing the real mail they send.  On my small system I have elaborate
rules to post-filter Sendgrid's mail because there is useful stuff in with the
crud and my users are sad if it disappears.

> I don't accept the premise that accepts bad and clean mail coming out of the
> same IP address using "oh well just use a domain signature" as a solution.

You certainly don't have to use DKIM if you don't want to, but large providers 
seem to feel differently.

>> Large mail systems all do this. We hoped that
>> there would be shared DKIM reputation lists like there are shared IP
>> lists but so far that hasn't happened.

> This is never going to happen. Domains are relatively cheap. If a domain
> acquires negative social credit it'll be discarded and replaced by a new one.

Reputation goes both ways.  If a domain has a good reputation you can accept its
mail even if some of it smells sort of spammy.

>> The original point of DMARC was for B2C or B2B mail from heavily
>> phished domains like Paypal, that could say please discard anything
>> from us that fails DMARC ...

> Eh, no. A large majority of user-facing mail clients are now hiding the
> sending mail address, and showing only the name, up front.
>
> From: "Paypal Customer Service" <kjsdfjklk(_at_)934iowero(_dot_)us>

Yeah, we know.  But large providers tell me that DMARC still blocks a great
deal of phish that uses the target's actual domain name.

> Most people will see "Paypal Customer Service". Valid domain signature for
> 934iowero.us, and straight it goes into your Inbox.

You're making the same mistake again.  DMARC is not a whitelist.  If something
is DMARC aligned, all that means is that it was really sent by the domain in
the From: header.  You still apply reputation and other spam filters to it.
It's not a FUSSP.

R's,
John

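The distinction John draws above (DMARC alignment says who sent the mail, not whether to deliver it) is easy to show in code. The following is an added example, not part of the thread or of any real filter: it checks relaxed DMARC alignment from an Authentication-Results header and then keeps filtering. The four sample messages, the DMARC_POLICY and DOMAIN_REPUTATION tables (stand-ins for a DNS _dmarc lookup and a local reputation store), and the two-label organizational-domain rule are all constructed assumptions; real implementations use the Public Suffix List.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample messages (not from the thread). The Authentication-Results
# values stand in for what the receiving MTA would have stamped on arrival.
SAMPLES = {
    # Genuine mail: From: domain matches the DKIM d= and SPF mailfrom domains.
    "genuine": (
        'From: "PayPal" <service@paypal.com>\n'
        "Authentication-Results: mx.example.net; dkim=pass header.d=paypal.com;"
        " spf=pass smtp.mailfrom=paypal.com\n"
        "Subject: Your receipt\n\nbody\n"
    ),
    # The display-name phish from the thread: valid signature for a throwaway
    # domain, so DMARC is satisfied, but the name the user sees says "Paypal".
    "display_name_phish": (
        'From: "Paypal Customer Service" <kjsdfjklk@934iowero.us>\n'
        "Authentication-Results: mx.example.net; dkim=pass header.d=934iowero.us;"
        " spf=pass smtp.mailfrom=934iowero.us\n"
        "Subject: Account suspended\n\nbody\n"
    ),
    # Phish using the real domain in From:, authenticated only as the attacker's domain.
    "domain_phish": (
        'From: "PayPal" <service@paypal.com>\n'
        "Authentication-Results: mx.example.net; dkim=pass header.d=934iowero.us;"
        " spf=pass smtp.mailfrom=934iowero.us\n"
        "Subject: Verify your account\n\nbody\n"
    ),
    # Aligned and impersonating nobody, but from a domain we have scored badly.
    "aligned_spam": (
        'From: "Deals" <promo@bulkmailer.example>\n'
        "Authentication-Results: mx.example.net; dkim=pass header.d=bulkmailer.example;"
        " spf=pass smtp.mailfrom=bulkmailer.example\n"
        "Subject: Cheap pills\n\nbody\n"
    ),
}

# Hypothetical stand-ins for a DNS _dmarc TXT lookup, a protected-brand list
# and a local sender-reputation store (scores in 0..1, higher is better).
DMARC_POLICY = {"paypal.com": "reject"}
PROTECTED_BRANDS = {"paypal": "paypal.com"}
DOMAIN_REPUTATION = {"paypal.com": 0.95, "bulkmailer.example": 0.05}
REPUTATION_FLOOR = 0.2


def org_domain(domain):
    """Organizational domain. Taking the last two labels is a simplification
    of the Public Suffix List rule that real DMARC code uses."""
    labels = domain.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def authenticated_domains(msg):
    """Domains that passed DKIM (header.d) or SPF (smtp.mailfrom), as recorded
    by the receiving MTA in Authentication-Results."""
    passed = set()
    for ar in msg.get_all("Authentication-Results", []):
        for d in re.findall(r"dkim=pass\b[^;]*?header\.d=([^\s;]+)", ar):
            passed.add(d.lower())
        for mf in re.findall(r"spf=pass\b[^;]*?smtp\.mailfrom=([^\s;]+)", ar):
            passed.add(mf.rpartition("@")[2].lower())  # mailfrom may be an address
    return passed


def dmarc_aligned(msg, strict=False):
    """True if the RFC5322.From domain aligns with a passing DKIM or SPF identifier."""
    _, addr = parseaddr(msg["From"])
    from_domain = addr.rpartition("@")[2].lower()
    if strict:
        return from_domain in authenticated_domains(msg)
    return any(org_domain(d) == org_domain(from_domain) for d in authenticated_domains(msg))


def classify(raw):
    """Apply DMARC, then keep filtering: alignment is not an accept decision."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg["From"])
    from_org = org_domain(addr.rpartition("@")[2])
    aligned = dmarc_aligned(msg)
    # Step 1: DMARC. Only a failing message from a domain that publishes
    # p=reject is decided here.
    if not aligned and DMARC_POLICY.get(from_org) == "reject":
        return {"aligned": False, "verdict": "reject: DMARC fail under p=reject"}
    # Step 2: the aligned throwaway domain still gets the display-name check.
    for brand, brand_domain in PROTECTED_BRANDS.items():
        if brand in display.lower() and from_org != brand_domain:
            return {"aligned": aligned, "verdict": "quarantine: display-name impersonation"}
    # Step 3: reputation applies to aligned mail just as it does to anything else.
    if DOMAIN_REPUTATION.get(from_org, 0.5) < REPUTATION_FLOOR:
        return {"aligned": aligned, "verdict": "reject: domain reputation"}
    return {"aligned": aligned, "verdict": "accept"}


if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name:20s} {classify(raw)}")
```

Note that the display-name phish is DMARC-aligned in every sense of the standard; nothing in DMARC is wrong there. The quarantine verdict comes from the layers run after alignment, which is exactly the point of the reply.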
_______________________________________________
ietf-smtp mailing list
ietf-smtp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf-smtp
