A better place for this discussion would be the MailOps list, where a
broader variety of mail admins *INCLUDING MS EMPLOYEES* take part, and
this problem class has been discussed multiple times. See
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
With that said, a couple of paragraphs stand out as demanding response.
They literally made me choke on my coffee, repeatedly:
On 8 Jan 2018, at 1:56 (-0500), Yuval Levy wrote:
[...]
> Indeed we can only speculate about what triggers the blackbox. My email
> was just a set of boring corporate decisions in a language that I have
> never seen used in any scam/spam. They are neatly formatted into a PDF
> saved directly out of LibreOffice with a short text body, composed in
> Thunderbird.
This sort of mail -- a PDF attached to a brief text message -- describes >90%
of the spam that has made it through my spam filters in the past 6
months, much of it "spearphishing" mail aimed at tricking me into doing
risky things involving money for people who claim a false identity.
Unfortunately, it seems to also be a preferred form for high-value
document exchange (i.e. legal papers...) so it is viciously hard to
filter out safely. This is why operations like DocuSign & Greenvelope
exist. Email is a terrible medium for exchange of legal docs, but that's
a tough sale to lawyers...
> The only minor objectionable issue I find with my email is
> the GPG signatures: I sign with a key that is not associated with any
> email address, contrary to RFC_dont_remember_which,
And totally against the whole design of the OpenPGP signing protocol.
You might as well use a key claiming to be from someone else. This is
WORSE than not signing at all. It screams "THIS EMAIL IS FRAUDULENT!!!"
> and I sign with an expired key
So it looks like you're using a key that you have in the past said that
you wouldn't use at this date. This is practically begging to be
distrusted.
> (my bad: good enough for my purpose and therefore very low
> priority to fix).
This free-floating assertion seems at odds with the fact that your email
to Microsoft customers is being treated in a manner that only makes
sense for phishing or malware email.
Have you tried taking the 5 minutes required to set up a correct GPG key
and use that instead?
> I doubt Microsoft pulls in GPG keys and verifies
> content signatures anyway.
I do not. It is certainly easier and more sensible than some of the
other behaviors you suggested that MS might be engaging in. If you're
lucky, they cannot find your key; it's best if they can't tell how bogus
your signatures are.
> There is a banking resolution, so there is
> text in the PDF saying that the corporation has decided to open a bank
> account with bank X. If that triggers the content filter, it is a
> really picky one and whoever programmed it should be sentenced to
> manually read out loud Nigerian spam for eight hours straight.
It is not a bad idea to reject email with a general format that is
widely used by scammers, discussing activities often discussed in such
scams, bearing a doubly bogus "signature."
In fact, that strikes me as a very GOOD idea.
>> HTML format?
>> Highly unlikely.
> Then why Microsoft's advice to "brand" and "properly format" the
> message?
Boilerplate. They cite the most common broad issues, not weird niche
problems like bogus PGP signatures on phishy messages.
SmartScreen is mainly targeted at phishing and malware mail, so the most
common sorts of FPs are cases of mail not having the form and content of
typical business (or personal) one-to-one email. Like it or not, "rich"
content in email is pervasive these days so doing it in odd ways like
embedded PDFs with short text parts looks suspect. Also, using a stale
key without an email address for "signing" a message as someone your
mail is not from could be argued to be both a format error and a
branding error.
> Coming from the company that has gifted the world the scourge
> that is HTML email,
Niggle: Outlook Express added HTML email in response to that
"innovation" in Netscape Navigator Gold 3.0.
--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Currently Seeking Steady Work: https://linkedin.com/in/billcole
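
Added example, not part of the original message: a sender-side check for the two key problems discussed above (an expired key, and no user ID carrying the sender's address). It parses `gpg --list-keys --with-colons` output; the sample keys are constructed, the function name is hypothetical, and expiry is assumed to be in epoch seconds as GnuPG 2.x prints it.

```python
import re
import time

# Constructed `gpg --list-keys --with-colons` records (fake keys, GnuPG 2.x layout).
BAD_KEY = (
    "pub:e:4096:1:AAAABBBBCCCCDDDD:1388534400:1483228800::-:::sc::::::23::0:\n"
    "uid:e::::1388534400::0123456789ABCDEF0123456789ABCDEF01234567::Example Signer::::::::::0:\n"
)
GOOD_KEY = (
    "pub:u:255:22:1111222233334444:1700000000:::u:::scESC:::::ed25519:::0:\n"
    "uid:u::::1700000000::89ABCDEF0123456789ABCDEF0123456789ABCDEF::"
    "Example Signer <signer@example.org>::::::::::0:\n"
)

def signing_key_problems(colons, from_addr, now=None):
    """List the reasons a recipient would distrust a signature from this key."""
    now = int(time.time()) if now is None else now
    problems, emails, saw_pub = [], set(), False
    for line in colons.splitlines():
        f = line.split(":")
        if f[0] == "pub" and len(f) > 6:
            saw_pub = True
            validity, expires = f[1], f[6]   # field 2 = validity, field 7 = expiry
            if validity == "r":
                problems.append("key revoked")
            # An empty expiry field means the key never expires.
            if validity == "e" or (expires.isdigit() and int(expires) <= now):
                problems.append("key expired")
        elif f[0] == "uid" and len(f) > 9 and f[1] != "r":
            # Field 10 is the user ID; only an <addr-spec> part ties it to a mailbox.
            m = re.search(r"<([^<>\s]+@[^<>\s]+)>", f[9])
            if m:
                emails.add(m.group(1).lower())
    if not saw_pub:
        problems.append("no public key found")
    if not emails:
        problems.append("no user ID carries an email address")
    elif from_addr.lower() not in emails:
        problems.append("no user ID matches the From address")
    return problems

if __name__ == "__main__":
    for name, key in (("BAD_KEY", BAD_KEY), ("GOOD_KEY", GOOD_KEY)):
        print(name, signing_key_problems(key, "signer@example.org") or "ok")
```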