On Mon, Dec 12, 2022 at 11:21 AM Michael Thomas <[email protected]> wrote:
> On 12/12/22 6:57 AM, Murray S. Kucherawy wrote: > > On Sun, Dec 11, 2022 at 2:43 PM Michael Thomas <[email protected]> wrote: > >> But I want to return to my previous point of whether reputation is even >> quantifiable, and whether somebody has actually gone out and researched it. >> We can say that this is a problem in theory, but do we have any data to >> back it up? I kinda think that should be table stakes before talking about >> rechartering. >> > > The industry appears to think it's a factor. This work comes to us from > M3AAWG where there's a critical mass that believes reputation abuse of this > nature is real. Though I agree it would be helpful to have metrics to > describe it more precisely, it's my perception that there's enough momentum > here to back chartering. > > So I take it they haven't quantified it either? This strikes me as highly > susceptible to using anecdotal evidence as proof. I'm not saying they are > wrong, I just would like to see actual evidence. That's especially true if > the end result is telling receivers they should do something that they have > no stake in. > I suspect that most of the organizations affected aren't positioned to share the internal metrics that showed impact, but I can tell you from experience the effects can be quite dramatic, and I've spoken to more than a few people - also with direct experience - who would say the same. These attacks were very narrowly targeted; the vast majority of DKIM replay spam this year has been sent to just a few of the largest consumer mailbox providers. In that context, lack of awareness of the problem is a poor argument against trying to solve it.
_______________________________________________ Ietf-dkim mailing list [email protected] https://www.ietf.org/mailman/listinfo/ietf-dkim
