On Tue, Aug 8, 2023, at 6:37 AM, Scott Kitterman wrote:
> On August 8, 2023 10:18:58 AM UTC, Laura Atkins <la...@wordtothewise.com> wrote:
> >> On 6 Aug 2023, at 19:07, Jesse Thompson <z...@fastmail.com> wrote:
> >> 
> >> On Sat, Aug 5, 2023, at 6:50 AM, Laura Atkins wrote:
> >>>> On 5 Aug 2023, at 02:43, Jesse Thompson <z...@fastmail.com> wrote:
> >>>> 
> >>>> On Thu, Aug 3, 2023, at 11:08 AM, Laura Atkins wrote:
> ...
> >>> 
> >>> A big driver of the work is actually Google. As I understand it, they are 
> >>> having issues because the replay attackers are successfully stealing 
> >>> reputation of otherwise good senders in order to bypass some spam 
> >>> filtering. The replay attackers aren’t sending what we commonly think of 
> >>> as spam through the signers - as the message is sent to one recipient 
> >>> (not bulk) and it is opt-in (that recipient wants and has asked for the 
> >>> mail). 
> >> 
> >> This is accurate from my observation. It takes only a single message which 
> >> evades content filters, and the attacker is the first recipient, who will 
> >> not report it as abuse. 
> >> 
> >> Which is why an earlier "just don't send spam" comment seemed to be 
> >> borderline FUSSP rhetoric. If the message isn't detected by the receiver 
> >> (who has the most visibility into the type of mail its users want to 
> >> receive) then how can a sender be held to a higher standard of detection 
> >> with less visibility?
> >
> >I agree wholeheartedly. I just wanted to make it clear for the record that 
> >this isn’t an issue of the signer knowingly signing spam and “deserving” any 
> >reputation problems. 
> ...
> 
> Intent has nothing to do with it.  Reputation is what you do, not what you 
> intend.

I think we can agree that spammers will always exist because they are a 
societal problem. Societal problems can't be completely solved with technology. 
Spammers will find ways to leverage the technologies we build to leverage in 
their ill will. DKIM didn't intend to give a haven for spammers to hide behind 
DKIM signers, but that's what it does. DKIM replay is a problem that is going 
to persist as long as society has spammers. Yet, DKIM isn't designed to solve 
spam problems. It conveys identifiable and verifiable information. DKIM signers 
will not be able to identify 100% of what a receiver will consider spam, but 
they can provide additional verifiable information for receivers to interpret 
into their disposition.

Jesse
_______________________________________________
Ietf-dkim mailing list
Ietf-dkim@ietf.org
https://www.ietf.org/mailman/listinfo/ietf-dkim
