On Tue, Aug 15, 2023, at 21:36, Alessandro Vesely wrote: > On Tue 15/Aug/2023 08:10:23 +0200 Bron Gondwana wrote: > > > We've love to not sign spam at all, but short of never allowing users to > > send email, it's not actually possible. We're not trying to "accomodate > > sites that send spam", we're trying to minimise the blast damage of a > > message that a bad actor manages to get signed - because that reduces that > > value of getting such a message stamped with a signature, and that reduces > > the amount of spam. > > > Still, knowing that he's a bad actor, you could skip signing. Are there so > many new spammers every day? Or, rather, there is a bunch of professional > spammers who know how to hide?
The whole point is - you don't know that a stolen account is a bad actor before it starts sending messages, and the ability to tell that a single message is spam, when it's being sent to a single recipient - again, if you have a reliable definition I'd love to see it. Even something like `please click <a href="https://site.com/">here</a> to update your bank details`, real organisations send real email like that to their customers. You can't tell it's spam without context. > The whole concept of domain authentication is questionable if domains have no > idea who their users are. At scale, there's always going to be a small percentage of bad users / hacked users on any system. Hence trying to make domain authentication not so valuable that getting it on a message is super powerful. Bron. -- Bron Gondwana, CEO, Fastmail Pty Ltd br...@fastmailteam.com
_______________________________________________ Ietf-dkim mailing list Ietf-dkim@ietf.org https://www.ietf.org/mailman/listinfo/ietf-dkim