Re: [ietf-smtp] Email explained from first principles

Sam Varshavchik <mrsam@courier-mta.com> Mon, 24 May 2021 22:06 UTC

References: <20210524140315.991E3890E35@ary.qy>
Message-ID: <cone.1621893989.618298.56868.1004@monster.email-scan.com>
X-Mailer: http://www.courier-mta.org/cone/
From: Sam Varshavchik <mrsam@courier-mta.com>
To: ietf-smtp@ietf.org
Date: Mon, 24 May 2021 18:06:29 -0400
Mime-Version: 1.0
Content-Type: multipart/signed; boundary="=_monster.email-scan.com-56868-1621893989-0002"; micalg="pgp-sha1"; protocol="application/pgp-signature"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf-smtp/T6jknsCC30XhEBcpUnbhCFVEM-Y>
Subject: Re: [ietf-smtp] Email explained from first principles

John Levine writes:

> Mailing lists have been editing messages for 40 years, long before anyone
> ever thought of DKIM or DMARC. It is a well known DMARC failure that it
> doesn't work with mailing lists.

s/that it doesn't work with mailing lists//.

I'm struggling to identify some tangible value-added that DKIM/DMARC brings  
to the table.

Ostensibly, these signatures prove that the mail really comes from the  
domain it purported to come from.

Ok, that's cool, but what is the point?

I'm told that this is to block spam that forges others' domains.

Splendid, but I can't help but notice that spam that makes it past my spam  
filters features a shiny signature more often than not.

Here's a small sample from today's batch. I've masked the domain to avoid  
triggering someone's OCD's spam filter:

DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=[spam domain]
                [blah blah blah]
From: "Mail-Admin courier-mta.com" <mailer-daemon@[spam domain]>
To: mrsam@courier-mta.com

And here's one more:

DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; s=k1; d=[spam domain]
        [blah blah blah]
DomainKey-Signature: a=rsa-sha1; c=nofws; q=dns; s=k1; d=[spam domain];
        [two for the price of one] 
Subject: Strange Liver-Hormone Helps You Burn Fat 20 Hoursa Day

It seems very obvious to me that DKIM/DMARC has been a complete failure,  
even ignoring mailing list-related breakage.

They had some initial success, when they were a novelty. That changed as  
soon as their implementations gained some foothold. Spam senders figured out  
that spam filters are whitelisting signed domains. Therefore, all they have  
to do is use their own domain, sign their spam, and they're whitelisted!

Pure comedy gold.
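
The following is an added example, not part of the original message: it contrasts the filter behaviour the message describes (a verified signature treated as a whitelist entry) with a policy that uses the signature only to name the responsible domain and then looks up that domain's reputation. The sample message, the domain spam.example, the dkim_verified flag (the result of a real DKIM verifier run elsewhere) and the reputation table are all assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample modelled on the masked headers quoted in the message;
# spam.example stands in for "[spam domain]", the bh=/b= values are dummies.
SAMPLE = (
    "DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; s=k1; d=spam.example;\n"
    "\th=from:to:subject; bh=AAAA; b=BBBB\n"
    'From: "Mail-Admin courier-mta.com" <mailer-daemon@spam.example>\n'
    "To: mrsam@courier-mta.com\n"
    "Subject: constructed sample\n\nbody\n"
)

def dkim_tags(value):
    """Parse a DKIM-Signature tag=value list (RFC 6376, section 3.2)."""
    tags = {}
    for part in value.split(";"):
        if "=" in part:
            name, val = part.split("=", 1)
            tags[name.strip()] = re.sub(r"\s+", "", val)
    return tags

def naive_verdict(raw, dkim_verified):
    """Weak policy: any verified signature is treated as a whitelist entry."""
    signed = "DKIM-Signature" in message_from_string(raw)
    return "whitelist" if signed and dkim_verified else "scan"

def assess(raw, dkim_verified, reputation):
    """Corrected policy: a verified, aligned signature only names the domain;
    the verdict comes from that domain's reputation (hypothetical lookup)."""
    msg = message_from_string(raw)
    from_domain = parseaddr(msg["From"])[1].rpartition("@")[2].lower()
    d = dkim_tags(msg.get("DKIM-Signature", "")).get("d", "").lower()
    # Strict alignment: d= must equal the From: domain. Relaxed
    # alignment needs the Public Suffix List and is left out here.
    if not (dkim_verified and d and d == from_domain):
        return None, "unauthenticated"
    return d, reputation.get(d, "unknown")

if __name__ == "__main__":
    print(naive_verdict(SAMPLE, True))
    print(assess(SAMPLE, True, {"spam.example": "bad"}))
```

The display name in the sample carries the recipient's own domain, which neither DKIM nor alignment covers; only the address in angle brackets is compared against d=.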