Re: [spf-discuss] SPF, DKIM, and NIH
2009-10-14 07:40:17
--On 13 October 2009 10:25:15 -0700 David MacQuigg
<macquigg(_at_)ece(_dot_)arizona(_dot_)edu> wrote:
Ian Eiloart wrote:
--On 13 October 2009 13:39:44 +0200 Alessandro Vesely
<vesely(_at_)tana(_dot_)it>
wrote:
David MacQuigg wrote:
Ian Eiloart wrote:
If SPF fails, then look for a DKIM signature. If you get a good one,
you're likely seeing traditional forwarding.
Or forwarding by a crook. What prevents a spammer from sending a
billion ads for Viagra, all with a valid DKIM signature from a reputable
domain? All it takes is one signed message. The rest can be copies,
"forwarded" via a botnet.
Nothing prevents that, but the only purpose it would serve would be to
harm the reputation of the original signer, or to increase the income
of the original signer. The spammer could derive no benefit, since the
advert would not route the buyer through the spammer's reward system.
Most of the spam hitting my receiver at box67.com does not depend on a
reply to a verified address. The spammer or phisher benefits when you
click on a link, or buy a stock, or change your thinking on a political
issue.
That's not relevant. The message is still from the original sender, and
still benefits the original sender, because the body of the message is
signed.
As for the reputation of the original signer, it won't suffer much. Most
receivers have enough common sense to not blame Yahoo for one spam
slipping past their filters. Lowering Yahoo's reputation would only harm
the receiver's filtering process.
That's a good point. For large ESPs, you have to do the reputation
assignment by some part of the signed content of the message, perhaps the
From address. But, the DKIM signature allows you to do that for addresses
in the signing domain.
Now, let's get more specific. Suppose the original message were sent
from a gmail account set up for the purpose. You're proposing this
mechanism to route around rate-limiting, or other bulk mail detectors
on the gmail server. That's fine, it'll do that. And whose reputation
suffers? Not gmail's, but the sender address. With a sufficiently
responsive reputation infrastructure, the sender address will quickly
acquire poor reputation.
Most spam is transmitted by zombies in a botnet. Gmail is an exception.
Their reputation is suffering, because the spam is coming directly from
their authorized transmitters.
Yep. Botnets can be reasonably dealt with using IP reputation assignment.
That's not true for the large ESPs, because the IP addresses are shared
with good and bad senders. Similarly for large ESP domains.
Nobody would be daft enough to assign anything but neutral reputation
to the gmail.com domain, would they?
The domain associated with their transmitters is actually google.com, and
our rating has varied from B to C. C is "unknown" or "neutral" to use
your terminology. We have never assigned a rating lower than C, because
spammers never stick with one name long enough to acquire a "bad"
reputation.
-- Dave
-------------------------------------------
Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
Modify Your Subscription: http://www.listbox.com/member/
[http://www.listbox.com/member/]
Archives: https://www.listbox.com/member/archive/735/=now
RSS Feed: https://www.listbox.com/member/archive/rss/735/
Powered by Listbox: http://www.listbox.com
--
Ian Eiloart
IT Services, University of Sussex
01273-873148 x3148
For new support requests, see http://www.sussex.ac.uk/its/help/
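
The reputation assignment discussed in this message, sketched as an added example that is not part of the original post or of any poster's software: a receiver rates the signed From address for shared providers, the signing domain otherwise, and the client IP when no signature verifies. The `Verdict` record, the `SHARED_ESP_DOMAINS` list and all sample addresses and IPs are assumptions constructed for illustration.

```python
from collections import Counter
from dataclasses import dataclass
from email.utils import parseaddr
from typing import Optional

# Assumption: the receiver keeps its own list of large shared providers.
SHARED_ESP_DOMAINS = {"gmail.com", "yahoo.com"}


@dataclass
class Verdict:
    client_ip: str               # connecting SMTP client
    spf: str                     # "pass", "fail", "none", ...
    dkim_domain: Optional[str]   # d= of a signature that verified, else None
    from_header: str             # From: header (covered by a valid DKIM signature)


def reputation_key(v: Verdict) -> tuple:
    """Pick the identity that should accumulate reputation for this message."""
    addr = parseaddr(v.from_header)[1].lower()
    from_domain = addr.rpartition("@")[2]
    if v.dkim_domain:
        d = v.dkim_domain.lower()
        in_signing_domain = from_domain == d or from_domain.endswith("." + d)
        # Shared provider: the domain stays neutral, the signed address is rated.
        if d in SHARED_ESP_DOMAINS and in_signing_domain:
            return ("address", addr)
        return ("domain", d)
    # No verified signature: only the transmitter's IP is left to rate.
    return ("ip", v.client_ip)


def looks_forwarded(v: Verdict) -> bool:
    """SPF failed but a signature verified: forwarding, legitimate or replayed."""
    return v.spf == "fail" and v.dkim_domain is not None


def tally(verdicts) -> Counter:
    """Count messages per reputation key."""
    return Counter(reputation_key(v) for v in verdicts)


# Constructed sample: one signed message replayed from three unrelated IPs,
# one unsigned direct delivery, one message signed by a small domain.
SAMPLE = [
    Verdict("192.0.2.10", "fail", "gmail.com", "Deals <pills123@gmail.com>"),
    Verdict("198.51.100.7", "fail", "gmail.com", "Deals <pills123@gmail.com>"),
    Verdict("203.0.113.99", "fail", "gmail.com", "Deals <pills123@gmail.com>"),
    Verdict("203.0.113.5", "none", None, "x@example.net"),
    Verdict("192.0.2.44", "pass", "example.org", "News <list@example.org>"),
]
```

Running `tally(SAMPLE)` puts all three replayed copies on one address key regardless of the IP that delivered them, which is the effect the message attributes to a responsive reputation infrastructure.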