Re: [ietf-smtp] DKIM and DMARC, Email explained from first principles

Sam Varshavchik <mrsam@courier-mta.com> Wed, 26 May 2021 20:28 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf-smtp/ENaSFRK7DS9H2zoKTLTK2MoLFik>

John Levine writes:

> According to Sam Varshavchik  <mrsam@courier-mta.com>:
> >I understand, very well, what the intent of DKIM is.
> >
> >However, it is what it is. If I observe what the practical reality of the
> >past or current usage of DKIM is, then this speaks for itself.
>
> I honestly do not understand what your point is.  It sounds like you're saying
> that since it is not a magic FUSSP, it must be useless, but that would be dumb
> so I doubt that's it.
>
> For example, do you believe that people whitelist mail using DKIM
> signatures from signers with good reputations?  Because we do.

I'm sure that's the case.

But I believe I made my point clear: that (the same) people can end up using  
the DKIM in exactly the opposite manner, for the simple reason that they see  
DKIM used more by unwanted mail, than not, and I explained why that turned  
out to be: a much higher adoption rate of DKIM by mail outsourcing providers  
than by other users. And when you are seeing most of your bad mail come from  
third party mail providers, then the combination of the two factors turns  
DKIM into a spam indication.

Again, I am not passing judgement or arguing DKIM's lofty goals. I  
understand what they are, what DKIM is, and its purported use cases. It's  
really no different than judging the presence of

X-PHP-Originating-Script: 33:SimpleMailInvoker.php

or

X-Mailer: PHPMailer

as also a high spam indication. I am struggling to find any message in my  
archive with those two headers that's not spam. Does this simple observation  
pass any judgement on those two fine products' stated use cases? No, it does  
not. But, again, in the real world things don't always work according to  
plan. And, all I'm saying, is that some may find DKIM-Signature: to be  
awfully similar to those two.
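
The two positions in this exchange can be measured on a labelled mailbox. The following is an added example, not part of the original post: it scores the presence of the three headers named above as a smoothed log-likelihood ratio, and shows the same `DKIM-Signature:` header scoring as a spam indicator in one mailbox and as a ham indicator in another. The sample messages, the `bulk.example` domain and all function names are constructed for illustration.

```python
import math
from collections import Counter
from email.parser import HeaderParser

def features(raw):
    """Header-presence features for the three headers named in the message."""
    msg = HeaderParser().parsestr(raw)
    feats = set()
    for name in ("DKIM-Signature", "X-PHP-Originating-Script"):
        if msg[name] is not None:
            feats.add(name)
    if "phpmailer" in (msg["X-Mailer"] or "").lower():
        feats.add("X-Mailer: PHPMailer")
    return feats

def header_scores(corpus):
    """corpus: list of (raw_message, is_spam) pairs.
    Returns feature -> log(P(feature|spam) / P(feature|ham)), add-one smoothed.
    Positive means the header counts towards spam in this mailbox."""
    totals = Counter()
    seen = {True: Counter(), False: Counter()}
    for raw, is_spam in corpus:
        totals[is_spam] += 1
        seen[is_spam].update(features(raw))
    scores = {}
    for feat in set(seen[True]) | set(seen[False]):
        p_spam = (seen[True][feat] + 1) / (totals[True] + 2)
        p_ham = (seen[False][feat] + 1) / (totals[False] + 2)
        scores[feat] = math.log(p_spam / p_ham)
    return scores

# Constructed sample messages (not taken from any real archive).
DKIM = "DKIM-Signature: v=1; a=rsa-sha256; d=bulk.example; s=k1; bh=placeholder; b=placeholder\n"
PHP = "X-PHP-Originating-Script: 33:SimpleMailInvoker.php\nX-Mailer: PHPMailer\n"

def make(extra=""):
    return "From: sender@example.org\nSubject: constructed sample\n" + extra + "\nbody\n"

# Mailbox A: signed mail is mostly unwanted bulk mail.
MAILBOX_A = ([(make(DKIM), True)] * 6 + [(make(PHP), True)] * 2
             + [(make(DKIM), False)] + [(make(), False)] * 5)
# Mailbox B: signed mail is mostly wanted; spam arrives unsigned.
MAILBOX_B = ([(make(DKIM), False)] * 6 + [(make(), False)] * 2
             + [(make(DKIM), True)] + [(make(), True)] * 5)

if __name__ == "__main__":
    for label, box in (("A", MAILBOX_A), ("B", MAILBOX_B)):
        for feat, score in sorted(header_scores(box).items()):
            print(f"mailbox {label}: {feat:28s} {score:+.2f}")
```

The score reflects only what a given receiver has seen; it says nothing about whether any individual signature verifies or which domain signed.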