> On 10 Nov 2022, at 13:24, Murray S. Kucherawy <superu...@gmail.com> wrote:
>
> [offlist]
>
> On Thu, Nov 10, 2022 at 1:21 PM Laura Atkins <la...@wordtothewise.com> wrote:
>
>> On 10 Nov 2022, at 13:17, Murray S. Kucherawy <superu...@gmail.com> wrote:
>>
>> On Thu, Nov 10, 2022 at 12:54 PM Laura Atkins <la...@wordtothewise.com> wrote:
>> In many cases, the reason the mail isn’t going out through the signing
>> domain is because the signing domain’s anti-spam heuristics are good enough
>> that the sender couldn’t maintain an account there long enough to send out
>> any volume of email. That’s why the domain has a good reputation - because
>> they block spam off their network. This is a way to steal the good
>> reputation from the good ESP.
>>
>> Interesting. Almost seems like "SPF against the signing domain" could be a
>> win, except for all the usual forwarding concerns.
>
> I think a lot of it is being blocked and the receiving orgs are aware it’s
> happening and the replays are not contributing that much to the actual
> reputation of the originating domain. Certainly, what I’m hearing from the
> folks who are being used as the signer for the replay is they’re not seeing a
> whole lot of impact on delivery and reputation.
>
> Am I reading this right, i.e., you think this is mostly a non-issue because
> it's easy to spot and filter?

I think it’s not an issue for deliverability for the forged domain. (Remember: my opinions are filtered through the deliverability lens).

I also think that the practical solutions applied by the big filters (using the tuple of SPF domain, DKIM domain and 5322.from domain as the identity for the message; noting normal patterns of delivery for a particular d=; enforcing RFC compliance on the incoming mail) are outpacing any changes to the standard that we might have. I don’t know if they have an appetite to implement a new or extended standard that is supposed to fix a problem that they have already (mostly) solved.

I think there is space to have the discussion - is this something that needs a standard change / update? Are there other things we want to address? But I’m also thinking we need to engage with the mailbox providers to get their viewpoints on it.

laura

--
The Delivery Experts

Laura Atkins
Word to the Wise
la...@wordtothewise.com

Email Delivery Blog: http://wordtothewise.com/blog

_______________________________________________
Ietf-dkim mailing list
Ietf-dkim@ietf.org
https://www.ietf.org/mailman/listinfo/ietf-dkim
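
The tuple-based identity mentioned in the message above (SPF domain, DKIM d=, 5322.From domain, compared against the normal delivery pattern for a d=), sketched as an added example that is not part of the original thread and not any mailbox provider's actual filter. The function names, the `min_seen` threshold, the verdict labels and every domain are assumptions made for illustration; the messages are constructed.

```python
import re
from collections import Counter, defaultdict
from email import message_from_string
from email.utils import parseaddr

def make_msg(mailfrom, d, from_addr):
    """Build a constructed header-only message; all domains are placeholders."""
    return ("Authentication-Results: mx.receiver.example; spf=pass "
            f"smtp.mailfrom={mailfrom}; dkim=pass header.d={d}\n"
            f"From: {from_addr}\n\nbody\n")

def _domain(value):
    # Accepts either a bare domain or a full address.
    return value.rpartition("@")[2].lower() or None

def identity(raw):
    """Return (SPF domain, DKIM d=, 5322.From domain) for one message."""
    msg = message_from_string(raw)
    ar = msg.get("Authentication-Results", "")
    spf = re.search(r"smtp\.mailfrom=([^\s;]+)", ar)
    dkim = re.search(r"header\.d=([^\s;]+)", ar)
    return (_domain(spf.group(1)) if spf else None,
            _domain(dkim.group(1)) if dkim else None,
            _domain(parseaddr(msg.get("From", ""))[1]))

def build_baseline(history):
    """Count the identity tuples normally seen for each d=."""
    seen = defaultdict(Counter)
    for raw in history:
        ident = identity(raw)
        seen[ident[1]][ident] += 1
    return dict(seen)

def classify(raw, baseline, min_seen=2):
    """Compare a message's tuple with the normal pattern for its d=."""
    ident = identity(raw)
    if ident[1] is None:
        return "unsigned"
    usual = baseline.get(ident[1])
    if usual is None:
        return "new-signer"
    # Valid signature from a known d=, but arriving via an SPF/From
    # pairing this d= has not used before: candidate replay.
    return "known" if usual[ident] >= min_seen else "unusual-path"

# Constructed traffic: esp.example normally sends via bounce.esp.example.
HISTORY = [make_msg("bounce.esp.example", "esp.example", "news@brand.example")] * 3
BASELINE = build_baseline(HISTORY)

if __name__ == "__main__":
    replayed = make_msg("mta.bulk.example", "esp.example", "news@brand.example")
    print(identity(replayed), classify(replayed, BASELINE))
```

A message whose DKIM signature verifies for a well-regarded d= but whose envelope domain has never been paired with that d= is scored on the whole tuple, so the signer's reputation is not carried over to the unfamiliar path.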