On 2/9/2024 6:50 AM, Scott Mutter via mailop wrote:
I think the issue with SPF and DKIM is that it's becoming trivial for ALL email to have SPF and DKIM that pass muster. At which point, you're right back where you started.
At the start, we had no way to assess email streams. Good mixed with bad in ways that made it almost impossible to distinguish them.
With SPF and DKIM, receivers have relatively 'noise free' message flows. A flow that has an authenticated identifier associated with it is highly likely to actually be email associated with the owner of that identifier. This permits relatively noise-free analysis of their behavior, without concern that some other factor -- like someone else using the identifier -- is injecting email into that flow.
In fact, it is /good/ that bad actors also use these technologies, since it makes it much easier to identify their crappy email.
d/ -- Dave Crocker Brandenburg InternetWorking bbiw.net mast:@dcrocker@mastodon.social _______________________________________________ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
