ietf-smtp

Re: [ietf-smtp] DKIM and DMARC, Email explained from first principles

2021-05-25 21:12:19
Dave Crocker writes:

Actually, no, that's not what I said. Bad actors are always the first to adopt the newest anti-spam technologies, to abuse those unfortunates who interpret DKIM the way you described.

DKIM establishes a clean (noise-free) channel from the signer, which means that any assessment about them really is about them. If they are bad actors, that is a lot easier to assess, as is if they are good actors.

Ah, but the first paragraph's the rub. That's why I saw DKIM-Signature: as a spam indicator: the bad actors' initial take-up of DKIM-Signature: was quite noticeable.

That was definitely true at one point. Based on today's numbers that I looked at, the mainstream adoption of DKIM sadly diluted its early value as a spam indicator, ironically.


But nearly all other spam, the kind that I do have a major problem with, the specific type that I'm bitching about, nearly all of it carries a DKIM-Signature: field. I only found very, very few exceptions to that.

For those assessed as bad actors, was any of their mail mixed in with mail from a different signer who was assessed to be a good actor?

My sample wasn't large enough for that. I have no recollection of seeing this; except I have a dim recollection of receiving something non-spam from Sendgrid a very, very long time ago, before I wrote them off as damaged goods.

Interestingly enough, while researching this response, I found a copy of a Sendgrid-sourced spam from December 2020, from a previously unknown (to me) IP address range (it was spamming an SMS-spam service). It did not have a DKIM/DMARC signature of any kind. Nothing from Sendgrid since then until today, when Sendgrid attempted to spam one of my Sourceforge mailing lists, with a monstrous DKIM-signed spam in Spanish.

So, looks like Sendgrid is
Now, to John's point, that DKIM alone is not indicative of reputation, that it only serves to ascertain identity, and with that out of the way you can now evaluate the proven identity's reputation. Well, the problem with that is twofold:

1) There are no known (at least to me) established reputation providers. And even if there are some that claim to be, history teaches that they don't really accomplish much.

Gosh, you mean that each evaluator needs to formulate their own criteria, about a complex, fuzzy topic? Yup!


2) So you're left with building and maintaining your own reputation database.

That seems like a lot of work to me.

It is. Sad reality. Lot of criminals on the streets make safe navigation challenging. Most people need to outsource their safety efforts.

You can't really have both. Either you "formulate your own criteria", or you'll outsource your spam filtering.
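
The split between DKIM identity and locally maintained reputation discussed in this message, as an added example that is not part of the original thread. It assumes a trusted border MTA stamps Authentication-Results with the hypothetical authserv-id mx.local.example and that spam/ham verdicts come from elsewhere (for example user reports); all names and sample messages are constructed.

```python
import re
from collections import defaultdict
from email import message_from_string

# One passing DKIM result and its signing domain inside an
# Authentication-Results header (RFC 8601): "dkim=pass ... header.d=example.com"
_DKIM_PASS = re.compile(r"dkim=pass\b[^;]*?\bheader\.d=([A-Za-z0-9.-]+)", re.I)

def verified_signers(raw_message, authserv_id):
    """Return the d= domains that our own verifier recorded as dkim=pass."""
    signers = set()
    msg = message_from_string(raw_message)
    for value in msg.get_all("Authentication-Results", []):
        stamped_by = value.split(";", 1)[0].split()
        # Headers not stamped by our own MTA could have been forged by the sender.
        if not stamped_by or stamped_by[0].lower() != authserv_id.lower():
            continue
        signers.update(d.lower() for d in _DKIM_PASS.findall(value))
    return signers

class SignerReputation:
    """Local spam/ham tally keyed on the verified signing domain."""
    def __init__(self, min_samples=3):
        self.counts = defaultdict(lambda: {"spam": 0, "ham": 0})
        self.min_samples = min_samples

    def record(self, signers, is_spam):
        for domain in signers:
            self.counts[domain]["spam" if is_spam else "ham"] += 1

    def spam_ratio(self, domain):
        c = self.counts.get(domain, {"spam": 0, "ham": 0})
        total = c["spam"] + c["ham"]
        # A valid signature with too little history proves identity, nothing more.
        return None if total < self.min_samples else c["spam"] / total

# Constructed sample messages; mx.local.example is the assumed local authserv-id.
def _msg(ar):
    return "".join(f"Authentication-Results: {v}\n" for v in ar) + "Subject: x\n\nbody\n"

SAMPLES = [
    (_msg(["mx.local.example; dkim=pass header.d=bulk.example header.s=s1"]), True),
    (_msg(["mx.local.example; dkim=pass header.d=bulk.example"]), True),
    (_msg(["mx.local.example; dkim=pass header.d=bulk.example"]), False),
    (_msg(["mx.local.example; dkim=pass header.d=new.example"]), False),
    (_msg(["mx.evil.example; dkim=pass header.d=bank.example"]), True),  # forged stamp
    (_msg(["mx.local.example; dkim=fail header.d=bank.example"]), True),
]

def build_reputation():
    rep = SignerReputation()
    for raw, is_spam in SAMPLES:
        rep.record(verified_signers(raw, "mx.local.example"), is_spam)
    return rep
```
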
