> On 1 Sep 2023, at 18:31, Grant Taylor > <gtaylor=40tnetconsulting....@dmarc.ietf.org> wrote: > > On 9/1/23 3:32 AM, Laura Atkins wrote: >> You don’t know that they don’t do spamfiltering on outbound messages. You >> don’t see what they catch and don’t send. What you do see is when that spam >> filtering fails. > > I do know that a small number of operators don't do any outbound spam > filtering because it has come up in conversations comparing systems / > configurations.
Are those operators being targeted with replay attacks? if they’re not, I don’t think this discussion is really relevant to the group. laura (participating) > >> Many ESPs are doing that, and doing blocklist checking on URLs. > > I'm glad for the ESP's efforts. > > I wish more people would do so. > >> But all it takes is for one message to slip through and amplified. > > I'm not talking about the false positives / false negatives. > > I'm talking about the lack of any outbound filtering period. Not what slips > through said filtering. > >> I don’t understand how this is going to address the problem. > > It won't solve the problem. No single thing will solve the problem. > > But it's another simple test that can be done between the MSA and the MTA to > reject things early in the flow. > >> As Bron said: the inbound system has a lot more information about the mail >> than the outbound system. > > Having more or less information doesn't have anything to do with acting on > the information that you do have, especially if it's verifiable and reliable. > >> I’ll also point out that if it’s one-to-one or one-to-few there are >> legitimate reasons to send spam. Say, mail to an abuse address reporting >> spam. I’m sure we can agree that MTAs shouldn’t be blocking abuse reports, >> yes? What you’re asking for means a lot of spam reports will be blocked (or >> incomplete). > > I'm trusting that's not a "but think of the children" knee jerk response > along the lines of "we can't filter outbound spam because we want to not > block spam reports." > > There's reasonable basic filtering and then there's deep filtering. > > I'm sure that we all know what we need to do t in order to get spam reports > through our respective systems. > > 1) Try forwarding spam as a message/rfc822 attachment. > 2) Try forwarding spam headers as a text/rfc822-headers attachment. > 3) Try putting #1 in a zip file. > 4) Try putting #2 in a zip file. > 5) Try password protecting #3. > 6) Try password protecting #4. > ... > n) Ask your postmaster how you are supposed to report spam. > > I maintain that basic spam and virus filtering should be done on outbound > email. > >> You’re asserting there are no basic checks being done. Do you have any >> evidence other than sometimes mail evades the outbound filters? > > I have had conversations with multiple small email operators over the years > that have told me that they only do any spam and virus filtering on inbound > email and that they do not do any such filtering on outbound email. > > > > -- > Grant. . . . > unix || die > > _______________________________________________ > Ietf-dkim mailing list > Ietf-dkim@ietf.org > https://www.ietf.org/mailman/listinfo/ietf-dkim -- The Delivery Expert Laura Atkins Word to the Wise la...@wordtothewise.com Delivery hints and commentary: http://wordtothewise.com/blog
_______________________________________________ Ietf-dkim mailing list Ietf-dkim@ietf.org https://www.ietf.org/mailman/listinfo/ietf-dkim
