Re: [ietf-smtp] DKIM and DMARC, Email explained from first principles
2021-05-25 19:50:53
Dave Crocker writes:
Large mail systems all do this. We hoped that
there would be shared DKIM reputation lists like there are shared IP
lists but so far that hasn't happened.
This is never going to happen. Domains are relatively cheap. If a domain
acquires negative social credit it'll be discarded and replaced by a new one.
One of the continuing, strategic challenges in anti-abuse work is that
people who work in it necessarily have a primary focus on bad actors. A
collaborative mechanism -- such as DKIM, where the originating site
literally signs up for identification and assessment -- creates a challenge,
in that evaluating good actors is quite a different job from evaluating bad
actors. It's not that good actors are perfect, but that they are less
likely to act badly and typically it won't be intentionally.
So what you're saying is that usage of DKIM is more indicative of a good
actor than a bad actor.
Think misdemeanor rather than felony...
So the fact that domains are cheap is less relevant than a good actor
wanting to create a clean record of being a good actor.
I just did a rough search of my mailbox, looking at the proportion of non-
spam mail with DKIM-Signature: field versus the spam bin.
Would you believe that the difference, between the two categories, was a
rounding error? For both spam and non-spam mail, roughly 60% of it carried a
DKIM-Signature.
But what was interesting is that the majority of spam without a
DKIM-Signature were either lame advance fee fraud attempts, or lame ransomware
or virus infestation attempts. I find those subcategories of spam to be far
less annoying than others.
Some percentage of advance fee fraud attempts and ransomware were from large
mail providers that stamped a DKIM-Signature: header.
But nearly all other spam, the kind that I do have a major problem with, the
specific type that I'm bitching about, nearly all of it carries a
DKIM-Signature: field. I only found very, very few exceptions to that.
So, my direct experience is that it's the other way around: the presence of a
DKIM-Signature: header indicates that this is more likely to be spam than not.
Not by a lot, as it turns out to be, but it is distinguishing.
Now, to John's point, that DKIM alone is not indicative of reputation, that
it only serves to ascertain identity, and with that out of the way you can
now evaluate the proven identity's reputation. Well, the problem with that
is twofold:
1) There are no known (at least to me) established reputation providers. And
even if there are some that claim to be, history teaches that they don't
really accomplish much.
2) So you're left with building and maintaining your own reputation database.
That seems like a lot of work to me. Perhaps a large mail provider might
have resources to dedicate to this, but even then I'll be quite skeptical of
how well it would work, for a variety of reasons.
And for a non-large provider, I just don't see it working. And with that, what
good is a proven identity, when you have no easy and low-cost way of
evaluating the reputation of that identity? And that, in a nutshell, is the
problem I see with proving domain identities.
_______________________________________________
ietf-smtp mailing list
ietf-smtp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf-smtp
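
The rough mailbox comparison described in the message above, as an added example that is not part of the original post: it counts the presence of a DKIM-Signature field (not whether the signature verifies) in two folders and tallies the d= signing domains per folder, which is the starting point for the self-maintained reputation table the message mentions. The sample messages, the `.example` domains and all function names are constructed for illustration.

```python
import email

def _msg(subject, dkim_domain=None):
    """Build one constructed RFC 5322 message, optionally with a DKIM-Signature."""
    head = f"From: sender@example.org\nSubject: {subject}\n"
    if dkim_domain:
        # Folded header, as signers commonly emit it; b= is a dummy value.
        head += f"DKIM-Signature: v=1; a=rsa-sha256;\n d={dkim_domain}; s=sel; b=AAAA=\n"
    return head + "\nbody\n"

# Constructed sample folders (not real mail).
HAM = [_msg("minutes", "list.example"), _msg("invoice", "bigmail.example"), _msg("hello")]
SPAM = [_msg("offer", "cheap-domain.example"), _msg("offer again", "cheap-domain.example"),
        _msg("prize", "bigmail.example"), _msg("fee fraud")]

def signing_domains(raw):
    """Return the d= domain of every DKIM-Signature field in one raw message."""
    domains = []
    for value in email.message_from_string(raw).get_all("DKIM-Signature", []):
        tags = {}
        for part in str(value).split(";"):
            name, _, val = part.partition("=")  # first "=" only: b= holds base64
            tags[name.strip().lower()] = val.strip()
        if tags.get("d"):
            domains.append(tags["d"].lower())
    return domains

def signed_share(folder):
    """Fraction of messages carrying a DKIM-Signature field with a d= tag.
    Presence only: the signature is not verified here."""
    return sum(1 for raw in folder if signing_domains(raw)) / len(folder)

def domain_tally(ham, spam):
    """Map each signing domain to [ham_count, spam_count]."""
    tally = {}
    for column, folder in enumerate((ham, spam)):
        for raw in folder:
            for domain in set(signing_domains(raw)):
                tally.setdefault(domain, [0, 0])[column] += 1
    return tally

if __name__ == "__main__":
    print(f"ham signed: {signed_share(HAM):.0%}, spam signed: {signed_share(SPAM):.0%}")
    for domain, (ham_n, spam_n) in sorted(domain_tally(HAM, SPAM).items()):
        print(f"{domain:24} ham={ham_n} spam={spam_n}")
```

A domain that appears in both columns, such as a large provider signing for many users, is the case where a per-domain count alone says little about any single sender.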