--On 20 October 2010 11:54:38 -0400 "John R. Levine" <jo...@iecc.com> wrote:

> [ I'm following this thread because it's related to advice in 4871 that
> we should probably remove from 4871bis ]
>
>>> So you're saying that all a spammer has to do is to put on a throwaway
>>> domain's signature, and the MUA will highlight at least parts of the
>>> message with green goodness?  Surely our understanding of domain
>>> reputation is better than that.
>>
>> I believe that's the basis of this whole discussion, isn't it. The point
>> is  that the MUA tells you whether the header was signed, and leaves you
>> to apply  the domain or address reputation. I think that's a step
>> forward. At least, it  is when I know the purported author.
>
> Hmmn.  You don't know the purported author, all you know is the actual
> signer.

I do know the *purported* author. It's right there in the From: header. 
DKIM tells me that it hasn't changed since it left the signer. My guess is 
that to get good reputation, domains won't be signing emails when that's 
spoofed. I know that we can't rely on that. YAHOO, for example, seem to be 
relaxed about their senders spoofing addresses. Hopefully they'll learn.

Even without changes in behaviour, I also know that a purported author in 
the yahoo.com domain is many times less likely to be spam if it has a valid 
DKIM signature from yahoo.com.

> We have a message offering you a job as an Internet Payment Processor.
> It's from recruitm...@reliable-home-work.com, and signed by
> reliable-home-work.com.  Do you paint it green and show it to your users?

Yes, because green doesn't mean this is a good email, it means this is 
really from that sender. You're then set to apply your personal reputation 
score to that sender.

> What if it was sent through gmail and had a google.com signature?

No, I wouldn't do that. I have no idea whether any MUAs would.

> How many of your users even know what a money mule is?

They have to be responsible for some stuff in life, but I certainly would 
not suggest that this should, would, or could replace spam filtering. All 
this has to be additional to what we already do, though it should permit 
more reliable whitelisting (say, of my brother's gmail.com address provided 
it was covered by a gmail.com signature).

> I think that if you look through papers at CEAS and similar fora, you'll
> find that manual classification of mail is not particularly accurate, and
> is a huge waste of time.  Well tuned filters do at least as good a job
> with far less human effort, and the reasonable things for humans to do is
> to tell the filtering engine when it guessed wrong either explicitly, or
> implicitly by moving stuff between inbox and junk folder.

Yes, I'm aware of all that.

>> And, surely I'm better at assigning reputation to -say- my brother than
>> any automated system is.
>
> Given the number of spam complaints I get about on-topic messages to COI
> discussion lists, don't count on it.  And in any event, unless your
> brother is one of us weenies with his own vanity domain, his mail is
> going to be signed by his employer or his ISP, so he won't have his own
> mailstream reputation anyway.
>
> Regards,
> John Levine, jo...@iecc.com, Primary Perpetrator of "The Internet for
> Dummies",
> Please consider the environment before reading this e-mail. http://jl.ly



-- 
Ian Eiloart
IT Services, University of Sussex
01273-873148 x3148
For new support requests, see http://www.sussex.ac.uk/its/help/


_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html

Reply via email to