ietf-smtp

Re: [ietf-smtp] DKIM and DMARC, Email explained from first principles

2021-05-25 20:15:00
On 5/25/2021 5:50 PM, Sam Varshavchik wrote:
Dave Crocker writes:

Large mail systems all do this. We hoped that
there would be shared DKIM reputation lists like there are shared IP
lists but so far that hasn't happened.

This is never going to happen. Domains are relatively cheap. If a domain acquires negative social credit it'll be discarded and replaced by a new one.

One of the continuing, strategic challenges in anti-abuse work is that people who work in it necessarily have a primary focus on bad actors. A collaborative mechanism -- such as DKIM, where the originating site literally signs up for identification and assessment -- creates a challenge, in that evaluating good actors is quite a different job from evaluating bad actors.  It's not that good actors are perfect, but that they are less likely to act badly and typically it won't be intentionally.

So what you're saying is that usage of DKIM is more indicative of a good actor than a bad actor.

Actually, no, that's not what I said. Bad actors are always the first to adopt the newest anti-spam technologies, to abuse those unfortunates who interpret DKIM the way you described.

DKIM establishes a clean (noise-free) channel from the signer, which means that any assessment about them really is about them. If they are bad actors, that is a lot easier to assess, as is if they are good actors.



Think misdemeanor rather than felony...

So the fact that domains are cheap is less relevant than a good actor wanting to create a clean record of being a good actor.

I just did a rough search of my mailbox, looking at the proportion of non-spam mail with DKIM-Signature: field versus the spam bin.

cf, above, about bad actors.


But nearly all other spam, the kind that I do have a major problem with, the specific type that I'm bitching about, nearly all of it carries a DKIM-Signature: field. I only found very, very few exceptions to that.

For those assessed as bad actors, was any of their mail mixed in with mail from a different signer who was assessed to be a good actor?

That differentiation is the value DKIM can provide. It eliminates or reduces noise.


Now, to John's point, that DKIM alone is not indicative of reputation, that it only serves to ascertain identity, and with that out of the way you can now evaluate the proven identity's reputation. Well, the problem with that is twofold:

1) There are no known (at least to me) established reputation providers. And even if there are some that claim to be, history teaches that they don't really accomplish much.

Gosh, you mean that each evaluator needs to formulate their own criteria, about a complex, fuzzy topic? Yup!


2) So you're left with building and maintaining your own reputation database.

That seems like a lot of work to me.

It is. Sad reality. Lot of criminals on the streets make safe navigation challenging. Most people need to outsource their safety efforts.

d/

--
Dave Crocker
Brandenburg InternetWorking
bbiw.net

_______________________________________________
ietf-smtp mailing list
ietf-smtp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf-smtp
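
The per-signer bookkeeping discussed in the message above (a local reputation table keyed on the verified DKIM signing domain, rather than on the mere presence of a DKIM-Signature: field), as an added example that is not part of the original post. The authserv-id mx.example.net, the "(unverified)" bucket name, and all sample messages and domains are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from email import message_from_string

AUTHSERV_ID = "mx.example.net"  # assumption: the id your own verifier stamps
PASS_RE = re.compile(r"dkim=pass\b[^;]*?\bheader\.d=([A-Za-z0-9.-]+)", re.I)

def sample(authres, d):
    # Constructed message; every domain here is a reserved example name.
    return (f"Authentication-Results: {authres}\n"
            f"DKIM-Signature: v=1; a=rsa-sha256; d={d}; s=sel; b=placeholder\n"
            "Subject: constructed sample\n\nbody\n")

SAMPLES = [  # (folder, raw message), constructed for this example
    ("ham", sample("mx.example.net; dkim=pass header.d=news.example.org", "news.example.org")),
    ("ham", sample("mx.example.net; dkim=pass header.d=news.example.org", "news.example.org")),
    ("spam", sample("mx.example.net; dkim=pass header.d=bulk.example.com", "bulk.example.com")),
    ("spam", sample("mx.example.net; dkim=pass header.d=bulk.example.com", "bulk.example.com")),
    # Field present but verification failed: must not count against the named domain.
    ("spam", sample("mx.example.net; dkim=fail header.d=news.example.org", "news.example.org")),
    # Result stamped by some other host (possibly the sender itself): ignored.
    ("spam", sample("mx.other.example; dkim=pass header.d=news.example.org", "news.example.org")),
]

def verified_signers(raw, authserv_id=AUTHSERV_ID):
    """Return the d= domains whose signature our own verifier reported as pass."""
    signers = set()
    for ar in message_from_string(raw).get_all("Authentication-Results", []):
        if ar.split(";", 1)[0].strip().lower() != authserv_id:
            continue  # not our verifier's verdict, so not evidence
        signers.update(d.lower().rstrip(".") for d in PASS_RE.findall(ar))
    return signers

def tally(samples, authserv_id=AUTHSERV_ID):
    """Count ham/spam per verified signer; everything else goes to one bucket."""
    table = defaultdict(lambda: {"ham": 0, "spam": 0})
    for folder, raw in samples:
        for signer in verified_signers(raw, authserv_id) or {"(unverified)"}:
            table[signer][folder] += 1
    return dict(table)

if __name__ == "__main__":
    for signer, c in sorted(tally(SAMPLES).items()):
        print(f"{signer:20} ham={c['ham']} spam={c['spam']}")
```

This relies on the border MTA removing any inbound Authentication-Results header that already carries its own authserv-id, as RFC 8601 describes; without that, a sender could supply the "pass" verdict itself.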
