Re: [dmarc-ietf] Email security beyond DMARC?

"John R Levine" <johnl@taugh.com> Wed, 20 March 2019 14:48 UTC

Return-Path: <johnl@taugh.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2F41E12950A for <dmarc@ietfa.amsl.com>; Wed, 20 Mar 2019 07:48:54 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.001
X-Spam-Level:
X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1536-bit key) header.d=iecc.com header.b=ndreWg+Q; dkim=pass (1536-bit key) header.d=taugh.com header.b=N0OSAyZh
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id kL4dCdUGD_ql for <dmarc@ietfa.amsl.com>; Wed, 20 Mar 2019 07:48:52 -0700 (PDT)
Received: from gal.iecc.com (gal.iecc.com [IPv6:2001:470:1f07:1126:0:43:6f73:7461]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BF2481279A8 for <dmarc@ietf.org>; Wed, 20 Mar 2019 07:48:51 -0700 (PDT)
Received: (qmail 90903 invoked from network); 20 Mar 2019 14:48:49 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=iecc.com; h=date:message-id:from:to:cc:subject:in-reply-to:references:mime-version:content-type:user-agent; s=16313.5c9252d1.k1903; bh=j4SfjPBDuqmnFsUYFTtHirdxo+Yv10GYSEu7mH1dOY8=; b=ndreWg+QnoO1+mXxeKboF+X8LT6t6KUavB/zMJRY9cb8yvqCWwjG5y3sDynG0ClsPY//9O+x0WAk+sypb4q5h8moW5NXB/D0uREJw0AjPvrraWuARwl5iMd0AOMDXnz8RFpDRqunAKM80NWp2WNzOq2DRUMM8qf4PaZcqmKu0i3AKUAN6hm3TPkyL0/unU/XwWs1SCmMEmtSuPi5rrL1UvN/8ridaO7nkLbtKwAxHY9PoF+VBRypuWucSr7ghS94
DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=taugh.com; h=date:message-id:from:to:cc:subject:in-reply-to:references:mime-version:content-type:user-agent; s=16313.5c9252d1.k1903; bh=j4SfjPBDuqmnFsUYFTtHirdxo+Yv10GYSEu7mH1dOY8=; b=N0OSAyZh0DnCpFrEN9klNJpSrVwT5kHtQx98SciSHgVhw+uwUWe6xdyg9an1gayFTtA6atODqtJf3TveZNshRng56xH0+P0xaTDlbZtgWAqdgv9DQiOj0e2f/9QlNd/V5JocppPKI1w3kK9YMhSDuxZxHiEZd6c2iBh98kglG7Gy5UngB0rimruCNJGgqtsw3+c8wDV363jocN8Wh8Qs9DbCIiF5Ks+wCf//zMInRWxQleYrA6Rc9lPnaoODRp87
Received: from localhost ([IPv6:2001:470:1f07:1126::78:696d:6170]) by imap.iecc.com ([IPv6:2001:470:1f07:1126::78:696d:6170]) with ESMTP via TCP6; 20 Mar 2019 14:48:49 -0000
Date: 20 Mar 2019 10:48:48 -0400
Message-ID: <alpine.OSX.2.21.1903201042010.79863@ary.qy>
From: "John R Levine" <johnl@taugh.com>
To: "Bernie Hoeneisen" <bernie@ietf.hoeneisen.ch>
Cc: dmarc@ietf.org
In-Reply-To: <alpine.DEB.2.20.1903201442260.7108@softronics.hoeneisen.ch>
References: <20190319184209.804E42010381DB@ary.qy> <alpine.DEB.2.20.1903201442260.7108@softronics.hoeneisen.ch>
User-Agent: Alpine 2.21 (OSX 202 2017-01-01)
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII; format=flowed
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/UyO2HE8Gw3YC_6q9ywiEzj7K3ns>
Subject: Re: [dmarc-ietf] Email security beyond DMARC?
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 20 Mar 2019 14:48:54 -0000

On Wed, 20 Mar 2019, Bernie Hoeneisen wrote:
>>  I presume that PeP would make spam filtering much harder since the filters
>>  can't look inside the messages.
>
> This is a mutual challenge of email systems that use true end-to-end 
> encryption. While those improve Privacy, spam mitigation means need to be 
> adjusted.

I'm assuming that you don't have have much experience with spam filtering 
at scale.  Let me just say that if you can't look inside the messages, 
there is a vast amount of spam you can't catch.  Many systems send a 
mixture of spam and legit mail, which from the outside look the same.

> On the other hand, pEp (inherently) also provides some additional means for 
> spam mitigation / detection (on the client), e.g. end-to-end authentication 
> of the peer user.

This is a common misconception among people unfamiliar with spam 
filtering.  The majority of the spam that makes it into my inbox is sent 
from real accounts that are either compromised or created in bulk at free 
mail sytstems.  Authentication would make no difference since all that 
spam could authenticate perfectly.

> If pEp is applied on top of existing email infrastructure (which is likely 
> the case in most scenarios), DMARC can also be used in conjunction with pEp 
> emails.

DMARC has never been an anti-spam scheme.  It's about phishing, which is 
not the same thing.

Regards,
John Levine, johnl@taugh.com, Taughannock Networks, Trumansburg NY
Please consider the environment before reading this e-mail. https://jl.ly