On 8/29/2023 1:15 PM, Steve Atkins wrote:
> Many, many people sign up to receive content that is, by any objective
> content-filtering standard, as spammy as an incredibly spammy thing.
>
> Seriously, people sign up for things you would not believe.
>
> Any attempt by senders to filter outbound emails based solely on content is
> going to have a lot of false negatives and positives, wherever you decide to
> draw the line.

So, what you say makes complete sense, of course.

And yet, I suspect that this problem nonetheless requires active measures at that point in the handling sequence.

The question, then, is what might help, without causing too much problem.

My immediate thought is an overlay to DKIM.  That is, an added mechanism that is protected by the DKIM signature.

A possible way to think about how to approach this:

   1. Use the mechanism for messages deemed spammy by the originating
   platform, or for new users who do not yet have an established
   quality record, or...

   2. Add a header field that has semantics along the lines of "Yes I
   signed this and yes I sent it, but I'm not happy about it."

   3. Receiving hosts can take this as a flag for extra caution. The
   damn thing still gets to victim platforms, but those platforms have a
   bit more information to factor in.

DKIM, SPF, et al., are all 'collaborative' mechanisms. Originators and receivers opt in to use them.  Both sides are necessary.  So I'm wondering about looking for something that furthers the collaboration.

And the attacker can't bypass it, if the signature covers enough (or all) of the message.


d/

--
Dave Crocker
Brandenburg InternetWorking
bbiw.net
mast:@dcrocker@mastodon.social
_______________________________________________
Ietf-dkim mailing list
Ietf-dkim@ietf.org
https://www.ietf.org/mailman/listinfo/ietf-dkim
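
An added example, not part of the original message or of any DKIM specification: a receiver-side check of whether a DKIM-Signature's h= tag covers the proposed "not happy about it" header field, so that removing or adding the flag after signing would break the signature. The field name `X-Sender-Caution` and its value are hypothetical, the sample messages are constructed, and cryptographic verification of the signature is assumed to be done separately by a DKIM verifier.

```python
from email import message_from_string

FIELD = "X-Sender-Caution"  # hypothetical name for the proposed header field

def parse_tags(sig_value):
    """Split one DKIM-Signature value into its tag=value pairs (RFC 6376 tag-list)."""
    tags = {}
    for part in sig_value.split(";"):
        name, sep, value = part.partition("=")
        if sep:
            tags[name.strip().lower()] = "".join(value.split())  # remove folding whitespace
    return tags

def caution_coverage(raw_message, field=FIELD):
    """Map each signing domain (d=) to how its h= tag covers `field`."""
    msg = message_from_string(raw_message)
    present = len(msg.get_all(field, []))
    result = {}
    for sig in msg.get_all("DKIM-Signature", []):
        tags = parse_tags(sig)
        listed = [h.lower() for h in tags.get("h", "").split(":")].count(field.lower())
        if present:
            # Every instance must be listed; h= entries consume instances bottom-up.
            status = "flag-covered" if listed >= present else "flag-not-covered"
        else:
            # A name listed in h= with no such header in the message signs its absence.
            status = "absence-covered" if listed else "absence-not-covered"
        result[tags.get("d", "?")] = status
    return result

# Constructed sample messages; bh= and b= are placeholders, not real signatures.
def _msg(h_list, extra=""):
    return (
        "DKIM-Signature: v=1; a=rsa-sha256; d=example.com; s=sel;\n"
        f" h={h_list};\n"
        " bh=PLACEHOLDER; b=PLACEHOLDER\n"
        "From: user@example.com\n"
        "Subject: constructed sample\n"
        f"{extra}"
        "\n"
        "body\n"
    )

FLAGGED = _msg("from : subject : X-Sender-Caution", "X-Sender-Caution: reluctant\n")
UNSIGNED_FLAG = _msg("from:subject", "X-Sender-Caution: reluctant\n")
CLEAN = _msg("from:subject:x-sender-caution")

if __name__ == "__main__":
    for name, raw in [("flagged", FLAGGED), ("unsigned flag", UNSIGNED_FLAG), ("clean", CLEAN)]:
        print(name, caution_coverage(raw))
```

A signer that always lists the field in h=, whether or not it sets the flag, makes both the flag's presence and its absence part of what the signature protects.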
