Re: [ietf-smtp] DKIM and DMARC, Email explained from first principles
Sam Varshavchik <mrsam@courier-mta.com> Wed, 26 May 2021 02:12 UTC
Return-Path: <mrsam@courier-mta.com>
X-Original-To: ietf-smtp@ietfa.amsl.com
Delivered-To: ietf-smtp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B2BC93A18E2 for <ietf-smtp@ietfa.amsl.com>; Tue, 25 May 2021 19:12:05 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 1.435
X-Spam-Level: *
X-Spam-Status: No, score=1.435 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_PBL=3.335, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1YfBYpS-b3CN for <ietf-smtp@ietfa.amsl.com>; Tue, 25 May 2021 19:12:03 -0700 (PDT)
Received: from mailx.courier-mta.com (mailx.courier-mta.com [68.166.206.83]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3B8733A18E1 for <ietf-smtp@ietf.org>; Tue, 25 May 2021 19:12:02 -0700 (PDT)
Received: from monster.email-scan.com (monster.email-scan.com [::ffff:192.168.0.2]) (TLS: TLSv1.3,256bits,TLS_AES_256_GCM_SHA384) by www.courier-mta.com with UTF8SMTPS id 000000000030000A.0000000060ADAE6B.00008BAF; Tue, 25 May 2021 22:11:54 -0400
Received: from monster.email-scan.com (localhost [127.0.0.1]) (IDENT: uid 1004) by monster.email-scan.com with UTF8SMTP id 0000000000020829.0000000060ADAE6A.00014B4B; Tue, 25 May 2021 22:11:54 -0400
References: <20210525012345.E42AE8A790D@ary.qy> <cone.1621939932.396187.66265.1004@monster.email-scan.com> <14fa34c7-c6a2-2c2c-3de9-f4f8c7327f9e@dcrocker.net> <cone.1621990228.782113.83228.1004@monster.email-scan.com> <5b98b0a0-3545-5370-c8d2-51533b0445f5@dcrocker.net>
Message-ID: <cone.1621995114.332887.83228.1004@monster.email-scan.com>
X-Mailer: http://www.courier-mta.org/cone/
From: Sam Varshavchik <mrsam@courier-mta.com>
To: ietf-smtp@ietf.org
Date: Tue, 25 May 2021 22:11:54 -0400
Mime-Version: 1.0
Content-Type: multipart/signed; boundary="=_monster.email-scan.com-83228-1621995114-0002"; micalg="pgp-sha1"; protocol="application/pgp-signature"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf-smtp/Y3z9VotM-A0VMwKCdmDi0nnIPc4>
Subject: Re: [ietf-smtp] DKIM and DMARC, Email explained from first principles
X-BeenThere: ietf-smtp@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Discussion of issues related to Simple Mail Transfer Protocol \(SMTP\) \[RFC 821, RFC 2821, RFC 5321\]" <ietf-smtp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf-smtp>, <mailto:ietf-smtp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf-smtp/>
List-Post: <mailto:ietf-smtp@ietf.org>
List-Help: <mailto:ietf-smtp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf-smtp>, <mailto:ietf-smtp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 26 May 2021 02:12:06 -0000
Dave Crocker writes: > Actually, no, that's not what I said. Bad actors are always the first to > adopt the newest anti-spam technologies, to abuse those unfortunates who > interpret DKIM the way you described. > > DKIM establishes a clean (noise-free) channel from the signer, which means > that any assessment about them really is about them. If they are bad > actors, that is a lot easier to assess, as is if they are good actors. Ah, but the first paragraph's the rub. That's why I saw DKIM-Signature: as a spam indicator: the bad actors' initial take-up of DKIM-Signature: was quite noticable. That was definitely true at one point. Based on today's numbers that I looked at the mainstream adoption of DKIM sadly diluted its early value as a spam indicator, ironically. >> But nearly all other spam, the kind that I do have a major problem with, the >> specific type that I'm bitching about, nearly all of it carries a DKIM- >> Siganture: field. I only found very, very few exceptions to that. > > For those assessed as bad actors, was any of their mail mixed in with mail > from a different signer who was assessed to be a good actor? My sample wasn't large enough for that. I have no recollection of seeing this; except I have a dim recollection of receiving something non-spam from Sendgrid a very, very long time ago, before I wrote them off as damaged goods. Interestingly enough, while researching this response, I found a copy of a sendgrid-sourced spam from December 2020, from a previously unknown (to me) IP address range (it was spamming an SMS-spam service). It did not have a DKIM/DMARC signature of any kind. Nothing from Sendgrid since then until today, when Sendgrid attempted to spam one of my Sourceforge mailing lists, with a monstrous DKIM-signed spam in Spanish. So, looks like Sedngrid is >> Now, to John's point, that DKIM alone is not indicative of reputation, that >> it only serves to ascertain identity, and with that out of the way you can >> now evaluate the proven identity's reputation. Well, the problem with that >> is twofold: >> >> 1) There are no known (at least to me) established reputation providers. And >> even if there are some that claim to be, history teaches that they don't >> really accomplish much. > > Gosh, you mean that each evaluator needs to formulate their own criteria, > about a complex, fuzzy topic? Yup! > >> >> 2) So you're left with building and maintaining your own reputation database. >> >> That seems like a lot of work to me. > > It is. Sad reality. Lot of criminals on the streets make safe navigation > challenging. Most people need to outsource their safety efforts. You can't really have both. Either you "formulate your own criteria", or you'll outsource your spam filtering.
- [ietf-smtp] Email explained from first principles Kaspar Etter
- Re: [ietf-smtp] Email explained from first princi… Bron Gondwana
- Re: [ietf-smtp] Email explained from first princi… Alessandro Vesely
- Re: [ietf-smtp] Email explained from first princi… Viktor Dukhovni
- Re: [ietf-smtp] Email explained from first princi… Viktor Dukhovni
- Re: [ietf-smtp] Email explained from first princi… Kaspar Etter
- Re: [ietf-smtp] Email explained from first princi… Peter J. Holzer
- Re: [ietf-smtp] Email explained from first princi… John Levine
- Re: [ietf-smtp] Email explained from first princi… Sam Varshavchik
- Re: [ietf-smtp] DKIM and DMARC, Email explained f… John Levine
- Re: [ietf-smtp] Email explained from first princi… Dave Crocker
- Re: [ietf-smtp] DKIM and DMARC, Email explained f… Dave Crocker
- Re: [ietf-smtp] Email explained from first princi… John R Levine
- Re: [ietf-smtp] DKIM and DMARC, Email explained f… Sam Varshavchik
- Re: [ietf-smtp] DKIM and DMARC, Email explained f… John Levine
- Re: [ietf-smtp] DKIM and DMARC, Email explained f… Sam Varshavchik
- Re: [ietf-smtp] DKIM and DMARC, Email explained f… Dave Crocker
- Re: [ietf-smtp] DKIM and DMARC, Email explained f… Sam Varshavchik
- Re: [ietf-smtp] DKIM and DMARC, Email explained f… Dave Crocker
- Re: [ietf-smtp] DKIM and DMARC, Email explained f… Sam Varshavchik
- Re: [ietf-smtp] DKIM and DMARC, Email explained f… Dave Crocker
- Re: [ietf-smtp] DKIM and DMARC, Email explained f… Matthias Leisi
- Re: [ietf-smtp] DKIM and DMARC, Email explained f… Sam Varshavchik
- Re: [ietf-smtp] DKIM and DMARC, Email explained f… Dave Crocker
- Re: [ietf-smtp] DKIM and DMARC, Email explained f… John Levine
- Re: [ietf-smtp] DKIM and DMARC, Email explained f… Sam Varshavchik
- Re: [ietf-smtp] DKIM and DMARC, Email explained f… Nathaniel Borenstein
- Re: [ietf-smtp] DKIM and DMARC, Email explained f… John C Klensin
- Re: [ietf-smtp] Email explained from first princi… Kaspar Etter
- Re: [ietf-smtp] Email explained from first princi… John R Levine
- Re: [ietf-smtp] Email explained from first princi… John R Levine
- Re: [ietf-smtp] Email explained from first princi… Kaspar Etter
- Re: [ietf-smtp] Email explained from first princi… John R Levine
- Re: [ietf-smtp] Email explained from first princi… Richard Clayton
- Re: [ietf-smtp] Email explained from first princi… Alessandro Vesely
- Re: [ietf-smtp] Email explained from first princi… John C Klensin
- Re: [ietf-smtp] the point of domain authentication John R Levine
- Re: [ietf-smtp] mailing lists are complicated, wa… John Levine
- Re: [ietf-smtp] the point of domain authentication Sam Varshavchik
- Re: [ietf-smtp] the point of domain authentication John Levine
- Re: [ietf-smtp] mailing lists are complicated, wa… Alessandro Vesely
- Re: [ietf-smtp] mailing lists are complicated, wa… John R Levine
- Re: [ietf-smtp] mailing lists are complicated, wa… Dave Crocker
- Re: [ietf-smtp] Email explained from first princi… Richard Clayton
- Re: [ietf-smtp] mailing lists are complicated, wa… Alessandro Vesely