spf-discuss
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [spf-discuss] SPF, DKIM, and NIH

2009-10-13 13:29:33
from [David MacQuigg] [Permanent Link] 
Ian Eiloart wrote:
--On 13 October 2009 13:39:44 +0200 Alessandro Vesely <vesely(_at_)tana(_dot_)it> wrote: 
David MacQuigg wrote:

Ian Eiloart wrote:

If SPF fails, then look for a DKIM signature. If you get a good one,
you're likely seeing traditional forwarding.


Or forwarding by a crook.  What prevents a spammer from sending a
billion ads for Viagra, all with a valid DKIM signature from a reputable 
domain?  All it takes is one signed message.  The rest can be copies,
"forwarded" via a botnet.
Nothing prevents that, but the only purpose it would serve would be to harm the reputation of the original signer, or to increase the income of the original signer. The spammer could derive no benefit, since the advert would not route the buyer through the spammer's reward system.
Most of the spam hitting my receiver at box67.com does not depend on a reply to a verified address. The spammer or phisher benefits when you click on a link, or buy a stock, or change your thinking on a political issue.
As for the reputation of the original signer, it won't suffer much. Most receivers have enough common sense to not blame Yahoo for one spam slipping past their filters. Lowering Yahoo's reputation would only harm the receiver's filtering process.
Now, let's get more specific. Suppose the original message were sent from a gmail account set up for the purpose. You're proposing this mechanism to route around rate-limiting, or other bulk mail detectors on the gmail server. That's fine, it'll do that. And who's reputation suffers? Not gmail's, but the sender address. With a sufficiently responsive reputation infrastructure, the sender address will quickly acquire poor reputation.
Most spam is transmitted by zombies in a botnet. Gmail is an exception. Their reputation is suffering, because the spam is coming directly from their authorized transmitters.
Nobody would be daft enough to assign anything but neutral reputation to the gmail.com domain, would they?
The domain associate with their transmitters is actually google.com, and our rating has varied from B to C. C is "unknown" or "neutral" to use your terminology. We have never assigned a rating lower than C, because spammers never stick with one name long enough to acquire a "bad" reputation. 

-- Dave



-------------------------------------------
Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
Modify Your Subscription: http://www.listbox.com/member/ 
[http://www.listbox.com/member/]

Archives: https://www.listbox.com/member/archive/735/=now
RSS Feed: https://www.listbox.com/member/archive/rss/735/
Powered by Listbox: http://www.listbox.com
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [spf-discuss] SPF, DKIM, and NIH, Ian Eiloart
Next by Date:  Re: [spf-discuss] SPF, DKIM, and NIH, Stuart D. Gathman
Previous by Thread:  Re: [spf-discuss] SPF, DKIM, and NIH, Hector Santos
Next by Thread:  Re: [spf-discuss] SPF, DKIM, and NIH, Ian Eiloart
Indexes:  [Date] [Thread] [Top] [All Lists]