It appears that Murray S. Kucherawy <superu...@gmail.com> said: > >On Sat, Apr 12, 2025 at 12:45 AM Dave Crocker <d...@dcrocker.net> wrote: >> It is, however, curious that there is no interest in considering that >> the relatively few platforms generating this problem, through a lack of >> accountability, might maybe oughta be considered for making some changes >> to -- and I am sure this will be a surprising suggestion -- their >> controls on their users? >> > >I think that's a pretty clear, simple, and noble assertion, but the problem >is that it is really really really hard to achieve at the scales we're >talking about, especially in the presence of motivated and incentivized bad >actors. That's not an attempt to deflect accountability at all; it is a >resignation that it's virtually impossible to close that hole completely, >which leads us to the "Is there some other technical solution that can help >here?" question. And here we are.
I think we all know that horse left the barn 30 years ago. If it were effective to tell operators don't let your users send spam, we wouldn't need DKIM or DMARC or SPF or spam filters and MTAs would still all be open relays. If there is something about DKIM replay that would make that approach work where it has failed every time before, that difference needs to be explained a lot better. The bulk of the spam that makes it into my inbox these days is low-rent B2B spam sent from accounts at Gmail, Outlook, and occasionally Yahoo. I would very much prefer that those operators not let their users send that mail, and I'm guessing that the operators would also like to prevent it, but we're stuck where we are, with both ends making imperfect attempts to mitigate it. R's, John _______________________________________________ Ietf-dkim mailing list -- ietf-dkim@ietf.org To unsubscribe send an email to ietf-dkim-le...@ietf.org
