On Wed, 20 Mar 2019, Bernie Hoeneisen wrote:
I presume that PeP would make spam filtering much harder since the filters
can't look inside the messages.
This is a mutual challenge of email systems that use true end-to-end
encryption. While those improve Privacy, spam mitigation means need to be
adjusted.
I'm assuming that you don't have have much experience with spam filtering
at scale. Let me just say that if you can't look inside the messages,
there is a vast amount of spam you can't catch. Many systems send a
mixture of spam and legit mail, which from the outside look the same.
On the other hand, pEp (inherently) also provides some additional means for
spam mitigation / detection (on the client), e.g. end-to-end authentication
of the peer user.
This is a common misconception among people unfamiliar with spam
filtering. The majority of the spam that makes it into my inbox is sent
from real accounts that are either compromised or created in bulk at free
mail sytstems. Authentication would make no difference since all that
spam could authenticate perfectly.
If pEp is applied on top of existing email infrastructure (which is likely
the case in most scenarios), DMARC can also be used in conjunction with pEp
emails.
DMARC has never been an anti-spam scheme. It's about phishing, which is
not the same thing.
Regards,
John Levine, [email protected], Taughannock Networks, Trumansburg NY
Please consider the environment before reading this e-mail. https://jl.ly
_______________________________________________
dmarc mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dmarc
