On Fri, Feb 10, 2023 at 2:13 PM Michael Thomas <m...@mtcc.com> wrote:
> Another thing that should probably be discussed is outbound spam > filtering. At a high level, this is really about the sender sending spam. > But email afaik is silent on whether senders or receivers should filter for > spam (and if there is, it would be good to reference it). Sender filtering > is especially pertinent and may well have clues of how a sender can > mitigate it. A breakdown of how spammers defeat that outbound filtering > would be really useful. For example, is the spam intended for mailboxes on > the sending domain (eg, gmail)? Or do they go through a two stage process > where they first get the spam through the sender, and then test it on the > intended receiving domains? All of that would be really helpful. > I think it's sufficient for us to acknowledge that, in either direction, no spam filter is 100% accurate. It can be tempting to say "You shouldn't sign spam, and if you do, you're the problem", but I'm sympathetic to those in that business who are faced with the reality that they'll never get it 100% right. Instead, I think we have to accept that reputable signers will occasionally be tricked into signing spam, and the goal then is to try to develop some new signal that can be provided to verifiers to handle those cases. The problem statement document proposed for the WG does spell this out, I think. What do you find missing in terms of the details? Some of the nitty gritty probably varies from one email provider to the next, for example. -MSK
_______________________________________________ Ietf-dkim mailing list Ietf-dkim@ietf.org https://www.ietf.org/mailman/listinfo/ietf-dkim
