On 1/27/25 3:44 PM, Richard Clayton wrote:
In message <[email protected]>, Michael
Thomas <[email protected]> writes
> Papers, reports, really anything from mailbox providers and/or filter
> providers that detail how DKIM is being used in production.
<https://blog.google/products/gmail/gmail-security-authentication-spam-
protection/>
Good to hear.
But I've seen things like before but these are just sort ops
announcements, not saying at some level how they are using DKIM for
incoming evaluation. Even at a high level would be nice -- obviously
they aren't going to go into the guts of their reputation machines, but
it would be helpful to know how identity is used and how important it is.
ObSidetrack: one wonders what happens when ML starts getting used. Both
for sending spam and receiving.
there's similar material from Yahoo and also I believe Apple, Microsoft
and IONOS
> As one of
> the original designers, it's been pretty frustrating to not know how
> it's being used and what difference it actually makes.
Google regularly blog that sort of information -- and you might also
like to look at this (albeit it is not from a mailbox provider)
Link(s)?
<https://nsarchive.gwu.edu/sites/default/files/documents/5023652/United-
Kingdom-Government-Active-Cyber-Defense.pdf>
Again, this is just a high level "clean up your act" kind of
announcement short on any specifics.
Fwiw, the link I gave to the Usenix paper is well worth reading and they
did a really good job, IMO. One of their takeaways is that actually
informing users of the provenance of the email was helpful to combat
phishing. Obviously not an IETF thing, but people working on standards
working in a vacuum makes it a lot harder to evaluate changes and/or
proposals.
Mike
_______________________________________________
Ietf-dkim mailing list -- [email protected]
To unsubscribe send an email to [email protected]
