On Fri, Oct 11, 2019 at 2:09 AM Chris Woods via mailop <mailop@mailop.org> wrote:
> After recently receiving yet more spam from standards-compliant spam
> servers (valid SPF, DMARC and domains on mainstream TLDs and delivery
> tolerating greylisting), this discussion got me thinking again. Some open
> questions:
>
> Imagine an operator wishes to spin up a new email server, for themself or
> for a client. They implement all the usual best practices regarding
> security, domain records, MTA configuration and so on.
>
> Are they still fundamentally constrained by their choice of network
> provider, despite complying with every possible security and delivery
> behaviour to warrant and verify the content and sender of every email?
>

I think you misunderstand the point of the auth standards. They are to allow any independent method of determining who you are besides the IP and network from which your mail comes. This allows you (in theory) to move your mail between IPs and keep your reputation.

It doesn't mean your reputation is good.

If you don't use them, then there's no other signal to use besides IP and content... and unfortunately, content is a lot harder to deal with, and it's not just an expensive computation issue.

> Has the prevailing method of deciding worthiness now become permanently
> biased towards the 'prior reputation' factor?
>

I think it's been that way for a long time, unfortunately. Different systems have different memories, I know we try and not have a long memory... but unfortunately, "forgetting" requires disuse for our system, so a low volume of continued use won't help us forget... the mail has to be actually marked as non-spam by our users in that case. I think that is a problem with our system, but it's a hard one to solve ... or hasn't been that important to solve.

Brandon