> Wouldn't backscatter spamming already currently work the same way with
> messages where the return path address does not align, or with completely
> unauthenticated messages?
If spammers were to use my email in the return path/envelope from with the
intent on causing backscatter, the emails will be rejected at SMTP time due to
SPF failure. So no backscatter can then be generated by legitimate SPF checking
systems. Alignment has nothing to do with it, since the from header has nothing
to do with bounces. If the message is completely unauthenticated then yes it's
still possible, but then of course you're not using SPF, which was exactly the
premise of your question.
Backscatter spamming is also still easily possible from misconfigured systems
that don't check SPF, but those seem rare nowadays. They'll be listed on
backscatter RBLs until they implement SPF checking anyway.
Groetjes,
Louis
Op donderdag 17 oktober 2024 om 14:16, schreef Gellner, Oliver via mailop
<mailop@mailop.org>:
> On 17.10.2024 at 00:44 Louis via mailop <mailop@mailop.org
> [mailop@mailop.org]> wrote:
>
> > If SPF were deprecated, was would be the actual, significant effects on
> email anti-abuse processes?
> > • DKIM+DMARC do not verify the return address. So backscatter spamming would
> get more attractive to spammers, unless every receiver implemented some form
> of BATV. Which would be yet another thing to implement. Unless anyone knows of
> other solutions to this.
>
> Wouldn't backscatter spamming already currently work the same way with
> messages where the return path address does not align, or with completely
> unauthenticated messages?
>
> > • I agree with others that SPF is much easier to set up than DKIM, as no
> changes need to happen to the sending infrastructure itself. This makes DMARC
> adoption much easier.
>
> I'm with Brandon on this: Only setting up SPF and DMARC without DKIM will just
> extend someones pain. Authentication will fail under various circumstances:
> Messages will get rejected, forwardings will break and messages with a null
> sender won't arrive anymore anyway.
> If SPF gives anyone the impression that they can enforce DMARC without setting
> up DKIM then this wouldn't be an advantage in my opinion, but a reason to
> deprecate SPF.
>
> --
> BR Oliver
> ________________________________
>
> dmTECH GmbH
> Am dm-Platz 1, 76227 Karlsruhe * Postfach 10 02 34, 76232 Karlsruhe
> Telefon 0721 5592-2500 Telefax 0721 5592-2777
> dmt...@dm.de [dmt...@dm.de]<mailto:dmt...@dm.de [dmt...@dm.de]> *
> www.dmTECH.de [https://www.dmtech.de/]<http://www.dmtech.de
> [http://www.dmtech.de/]>
> GmbH: Sitz Karlsruhe, Registergericht Mannheim, HRB 104927
> Geschäftsführer: Christoph Werner, Martin Dallmeier, Roman Melcher
> ________________________________
> Datenschutzrechtliche Informationen
> Wenn Sie mit uns in Kontakt treten, beispielsweise wenn Sie an unser
> ServiceCenter Fragen haben, bei uns einkaufen oder unser dialogicum in
> Karlsruhe besuchen, mit uns in einer geschäftlichen Verbindung stehen oder
> sich bei uns bewerben, verarbeiten wir personenbezogene Daten. Informationen
> unter anderem zu den konkreten Datenverarbeitungen, Löschfristen, Ihren
> Rechten sowie die Kontaktdaten unserer Datenschutzbeauftragten finden Sie
> hier<https://www.dm.de/datenschutzerklaerung-kommunikation-mit-externen-493832
> [https://www.dm.de/datenschutzerklaerung-kommunikation-mit-externen-493832]>.
> _______________________________________________
> mailop mailing list
> mailop@mailop.org [mailop@mailop.org]
> https://list.mailop.org/listinfo/mailop
> [https://list.mailop.org/listinfo/mailop]
_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
