On 15-02-13 02:08 PM, Franck Martin wrote:
> DMARC is just the shiny top of the iceberg, that gets people motivated to do
> something.
>
> Then you learn more, and then it is just a ploy to add more domain
> authentication to emails (SPF/DKIM/TLS), because there is a benefit to do so
> (get the DMARC reports) and it helps find infrastructure that could behave
> better with DKIM with people motivated to make a change.
>
> Then, with this momentum, you shift from IP reputation to domain reputation,
> and check that the domains in envelope from, from header, reply-to, sender,…
> are legit, exist, accept emails and are not on some form of blocklists…
>
> And then also you start to accept less and less malformed emails, because
> Postel did not say to accept anything, but to be lenient when it is not clear
> what you should accept.

And it just keeps adding burdens, and network traffic..
And then spam and phishing get confused, and 'best approach' starts
tripping over each other.. And no one can do it properly..

To be truthful? (sheepish grin) So far, all we use DMARC/DKIM for is as
part of our spam detector filters.. to identify known patterns that are
associated with certain spammers .. Eg, always signs with DKIM.. Likes
using V1.. Never uses DMARC

IP Reputation is still the most powerful tool, with the lowest
footprint.. The onus should be passed on to the sender.. not the
receiver.. Sending servers should make sure nothing goes out their MTA
unless the domain is something they are responsible for..

Mailing Lists should send out using the domain of the sender who
instigated the mailing, not the mailing list operator..

(I see even banks using 3rd parties to send email out, from a domain
totally unrelated.. @3rdpartybulkmailer.com is bound to have problems,
when both good guys and bad guys use the same service)

And I get 'hey, is this really from this company I do business with?'
all the time...

And then SPF is probably the next lightest.. Any domain that is really
worried about someone forging their domain should have an SPF record of
course, and not those sloppy ones that say 'maybe' our mail doesn't come
from somewhere else..

99% of our spam protection happens directly in the edge SMTP layer, and
all the other fancy 'anti-phishing' will get relegated to filtering...

For us, we would rather see the companies that are pushing so hard for
DMARC/DKIM do a little better job on what's leaving their mail servers :)

Still a little hard to put the big guys on reputation lists.. ;)

And of course, the hosting companies are soon going to have to start
thinking about this, while renting to spammers might be a nice way to
justify more IP space, or make them a little fast money, soon it won't
matter how they sign emails.

It is amazing how much damage a single /29 can do in just a few hours,
across the whole internet.. renting by hour, and allowing them to
consume as much bandwidth as needed, isn't going to get you any friends
in the spam protection space..

Enough, now I am just ranting..

PS..
Yeah, your subscribers are probably marking it as spam ;)
(Always surprises me the times someone tries to report an uncaught spam
accidentally.. for emails they want... or did subscribe to)

--
"Catch the Magic of Linux..."
------------------------------------------------------------------------
Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic
------------------------------------------------------------------------
A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.
------------------------------------------------------------------------
604-682-0300 Beautiful British Columbia, Canada
This email and any electronic data contained are confidential and intended
solely for the use of the individual or entity to which they are addressed.
Please note that any views or opinions presented in this email are solely
those of the author and are not intended to represent those of the company.
_______________________________________________
mailop mailing list
mailop@mailop.org
http://chilli.nosignal.org/mailman/listinfo/mailop
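
Added example, not part of the original post or thread: a small check for the SPF records the message calls "sloppy", classifying what a published policy says about senders it does not list (`-all` versus `~all`, `?all`, or no `all` at all). The function names and the sample TXT records are constructed for illustration; `include:` targets and macros are not resolved, and parsing follows the term rules of RFC 7208.

```python
# Added illustration. Records below are constructed samples, not live DNS data.
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def spf_default_result(txt_records):
    """What a domain's SPF policy says about senders it does not list.

    txt_records: every TXT string published at the domain.
    Returns 'none', 'permerror', 'fail', 'softfail', 'neutral', 'pass',
    or 'redirect:<domain>' when the policy is delegated to another record.
    """
    spf = [r for r in txt_records
           if r.lower() == "v=spf1" or r.lower().startswith("v=spf1 ")]
    if not spf:
        return "none"                      # nothing published
    if len(spf) > 1:
        return "permerror"                 # RFC 7208: multiple records are an error
    redirect = None
    for term in spf[0].split()[1:]:
        t = term.lower()                   # mechanism names are case-insensitive
        if t.startswith("redirect="):
            redirect = t.split("=", 1)[1]
            continue
        qualifier, mechanism = (t[0], t[1:]) if t[0] in QUALIFIERS else ("+", t)
        if mechanism == "all":
            return QUALIFIERS[qualifier]   # terms after "all" are never evaluated
    if redirect:
        return "redirect:" + redirect      # only consulted when no "all" is present
    return "neutral"                       # no "all", no redirect: default is neutral

def non_enforcing(zone):
    """Return {domain: result} for domains whose default is anything but 'fail'."""
    results = {d: spf_default_result(txts) for d, txts in zone.items()}
    return {d: r for d, r in results.items() if r != "fail"}

SAMPLE_ZONE = {  # constructed
    "strict.example": ["v=spf1 ip4:192.0.2.0/24 -all"],
    "maybe.example": ["v=spf1 include:_spf.example.net ~all"],
    "shrug.example": ["site-verification=abc123", "v=spf1 mx ?all"],
    "open.example": ["v=spf1 a mx"],
    "twice.example": ["v=spf1 mx -all", "v=spf1 ip4:198.51.100.7 -all"],
}

if __name__ == "__main__":
    for domain, result in non_enforcing(SAMPLE_ZONE).items():
        print(f"{domain}: {result}")
```

A `redirect:` result means the effective default has to be read from the target record before the domain can be called enforcing.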