On 09.02.2024 at 15:51 Scott Mutter via mailop wrote: > On Thu, Feb 8, 2024 at 12:20 PM Randolf Richardson, Postmaster via mailop > wrote: >> Spammers forging eMail accounts is the primary reason SPF and DKIM >> are so prevalent these days.
>> I believe the day will come when it will be pointless to send eMail >> from a domain that doesn't have a properly-configured SPF record and >> all of its outbound mail signed with DKIM. > I think the issue with SPF and DKIM is that it's becoming trivial for ALL > email to have SPF and DKIM that pass muster. At which point, you're right > back where you started. Lots of spam getting into the Inbox because they all > pass SPF and DKIM. > This is part of the issue I have with all of these band-aid solutions when it > comes to "fixing" the spam problem with email. You're going to continue to > have these issues with email until people realize that they are going to have > to let go of some of these grandfathered standards - like external email > forwarding. If external email forwarding was not a thing, then a properly > constructed SPF record is going to do a pretty good job (a complete job?) of > identifying messages that are forged (phishing) and those that are legitimate. Whether an email passes SPF or DKIM is no indicator of whether its spam. It just allows you to tie messages to the reputation of a domain, similar as you rate messages based on the IP address they are coming from. While I'm no advocate on external email forwarding, SPF does not perform a good job on identifying emails regardless of forwarding. Most companies send emails from shared IP addresses (Office 365, GSuite, Sendgrid, Amazon SES, ...), so their SPF records are all, well... identical, which is not really useful to tell them apart. This opens a window for various attacks, see for example the recent SMTP smuggling attack. A better approach would be to get rid of SPF and base DMARC solely on DKIM. -- BR Oliver ________________________________ dmTECH GmbH Am dm-Platz 1, 76227 Karlsruhe * Postfach 10 02 34, 76232 Karlsruhe Telefon 0721 5592-2500 Telefax 0721 5592-2777 dmt...@dm.de<mailto:dmt...@dm.de> * www.dmTECH.de<http://www.dmtech.de> GmbH: Sitz Karlsruhe, Registergericht Mannheim, HRB 104927 Geschäftsführer: Christoph Werner, Martin Dallmeier, Roman Melcher ________________________________ Datenschutzrechtliche Informationen Wenn Sie mit uns in Kontakt treten, beispielsweise wenn Sie an unser ServiceCenter Fragen haben, bei uns einkaufen oder unser dialogicum in Karlsruhe besuchen, mit uns in einer geschäftlichen Verbindung stehen oder sich bei uns bewerben, verarbeiten wir personenbezogene Daten. Informationen unter anderem zu den konkreten Datenverarbeitungen, Löschfristen, Ihren Rechten sowie die Kontaktdaten unserer Datenschutzbeauftragten finden Sie hier<https://www.dm.de/datenschutzerklaerung-kommunikation-mit-externen-493832>. _______________________________________________ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
