Re: [ietf-smtp] DKIM and DMARC, Email explained from first principles

Dave Crocker <dhc@dcrocker.net> Wed, 26 May 2021 02:19 UTC

Reply-To: dcrocker@bbiw.net
To: Sam Varshavchik <mrsam@courier-mta.com>, ietf-smtp@ietf.org
References: <20210525012345.E42AE8A790D@ary.qy> <cone.1621939932.396187.66265.1004@monster.email-scan.com> <14fa34c7-c6a2-2c2c-3de9-f4f8c7327f9e@dcrocker.net> <cone.1621990228.782113.83228.1004@monster.email-scan.com> <5b98b0a0-3545-5370-c8d2-51533b0445f5@dcrocker.net> <cone.1621995114.332887.83228.1004@monster.email-scan.com>
From: Dave Crocker <dhc@dcrocker.net>
Organization: Brandenburg InternetWorking
Message-ID: <c751cdbd-6d9b-cbf3-bf08-966bed58a078@dcrocker.net>
Date: Tue, 25 May 2021 19:19:44 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf-smtp/Og7ezSl9-cBNS6PxP08ZsOFPtVY>
Subject: Re: [ietf-smtp] DKIM and DMARC, Email explained from first principles

On 5/25/2021 7:11 PM, Sam Varshavchik wrote:
> Dave Crocker writes:
> 
>> Actually, no, that's not what I said.  Bad actors are always the first 
>> to adopt the newest anti-spam technologies, to abuse those 
>> unfortunates who interpret DKIM the way you described.
>>
>> DKIM establishes a clean (noise-free) channel from the signer, which 
>> means that any assessment about them really is about them.  If they 
>> are bad actors, that is a lot easier to assess, as is if they are good 
>> actors.
> 
> Ah, but the first paragraph's the rub. That's why I saw DKIM-Signature: 
> as a spam indicator: the bad actors' initial take-up of DKIM-Signature: 
> was quite noticeable.
> 
> That was definitely true at one point. Based on today's numbers that I 
> looked at, the mainstream adoption of DKIM sadly diluted its early value 
> as a spam indicator, ironically.

You seem to have fixated on using the existence of a signature as 
indicating goodness or badness.  Since it isn't intended to do that, 
please stop casting the issue in terms of whether it accomplishes that.

One more time:

      1) DKIM creates a noise-free channel of mail associated with the signing identifier.

      2) A noise-free channel permits accurate assessment of the actor associated with the identifier.

      3) Assessment is a separate process from identification; DKIM does identification.



> You can't really have both. Either you "formulate your own criteria", or 
> you'll outsource your spam filtering.

Well, actually, you CAN do both, if you want.  But whether you can or 
not is irrelevant to any of the points I was making...

d/

-- 
Dave Crocker
Brandenburg InternetWorking
bbiw.net
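
Added example (not part of the original message or of any DKIM implementation): a sketch of the identification/assessment split described in the three points above, for a receiver that keeps its own per-domain reputation. The authserv-id mx.example.net, the sample headers and the reputation values are constructed assumptions.

```python
import re

# Constructed reputation history keyed by DKIM signing domain (d=).
REPUTATION = {"good.example": 0.9, "bulk-spam.example": -0.8}

_COMMENT = re.compile(r"\([^()]*\)")
_DKIM = re.compile(r"^\s*dkim\s*=\s*(\w+)", re.I)
_HEADER_D = re.compile(r"\bheader\.d\s*=\s*([A-Za-z0-9.-]+)", re.I)

def identify(auth_results, trusted_authserv):
    """Identification only: signing domains whose DKIM signature verified."""
    value = _COMMENT.sub(" ", auth_results)          # drop (comments)
    authserv, _, results = value.partition(";")
    stamp = authserv.split()
    # Trust only the Authentication-Results header our own verifier stamped.
    if not stamp or stamp[0].lower() != trusted_authserv.lower():
        return []
    domains = []
    for resinfo in results.split(";"):
        m = _DKIM.match(resinfo)
        d = _HEADER_D.search(resinfo)
        if m and d and m.group(1).lower() == "pass":
            domains.append(d.group(1).lower())
    return domains

def assess(domains):
    """Assessment: a separate step. None means no history for that identifier."""
    return {d: REPUTATION.get(d) for d in domains}

# Constructed Authentication-Results header values.
SAMPLES = {
    "good": "mx.example.net; dkim=pass (2048-bit key) header.d=good.example",
    "spammer": "mx.example.net; dkim=pass header.d=bulk-spam.example",
    "new": "mx.example.net; dkim=pass header.d=newcomer.example",
    "broken": "mx.example.net; dkim=fail header.d=good.example",
    "unsigned": "mx.example.net; dkim=none",
    "forged": "attacker.example; dkim=pass header.d=good.example",
}

def run_samples():
    return {name: assess(identify(value, "mx.example.net"))
            for name, value in SAMPLES.items()}

if __name__ == "__main__":
    for name, verdict in run_samples().items():
        print(f"{name:9} {verdict}")
```

A valid signature from bulk-spam.example scores negatively, while a failed, missing or untrusted result yields no identifier at all, so no reputation (good or bad) is applied to that message.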