On Sun, Aug 28, 2022 at 8:47 AM Alessandro Vesely via mailop <mailop@mailop.org> wrote:

> On Sat 27/Aug/2022 00:54:47 +0200 Brandon Long wrote:
> >> There are certainly plenty of people who didn't read the spec and
> >> wrongly assume that a failed signature means something is wrong.
> >
> > I think there can be some subtle differences between "a failed signature
> > means something is wrong" and
> > "a message without authentication has a higher chance of being spam"
>
> It was observed several times that spammers are quicker to adopt new
> authentication techniques than classical mailbox providers. Although some
> hopeless spam is not authenticated at all, I'd expect that spam with a
> broken signature be restricted to rookies. Slavko's evidence seems to
> agree.

The point here is that "has a valid dkim signature" is not the signal. The signal is "has a valid dkim signature for domain $DOMAIN". Spammers having a valid dkim signature for their spammy domain is actually a great signal that something is spam, for example.

And the opposite is then "doesn't have any valid dkim signature", which drops you into the "unknown" bucket, which may be throttled... or, if you're claiming to be paypal.com and have no valid dkim signature, you're going to be dropped into the "probably phishing" bucket, which will be blocked.

Or, if you believe in No Auth No Entry, then no valid authentication is going to get you blocked. Our spam team has had a strong preference for that direction for a decade now.

> From here to inferring an honest attempt, and thereby non-junk status, from
> failed signatures...

heh

Brandon
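The bucketing described in the reply above, as an added example that is not part of the original thread and not any provider's actual filter. The reputation table, protected-brand list, bucket names, `mx.example.net` authserv-id and sample headers are all constructed assumptions; only `Authentication-Results` entries written by the receiver's own MTA are trusted.

```python
import re

# Constructed sample data; names and values are assumptions for illustration.
TRUSTED_AUTHSERV = "mx.example.net"       # only trust results our own MTA added
DOMAIN_REPUTATION = {"paypal.com": "good", "spammy.example": "bad"}
PHISHED_BRANDS = {"paypal.com"}           # From: domains that must be signed

def valid_dkim_domains(auth_results):
    """Return the d= domains whose DKIM signature verified (dkim=pass)."""
    authserv, _, rest = auth_results.partition(";")
    if authserv.strip().lower() != TRUSTED_AUTHSERV:
        return set()                      # header not written by us: ignore it
    domains = set()
    for resinfo in rest.split(";"):
        if re.match(r"\s*dkim\s*=\s*pass\b", resinfo, re.I):
            m = re.search(r"\bheader\.d\s*=\s*([^\s;]+)", resinfo, re.I)
            if m:
                domains.add(m.group(1).lower())
    return domains

def from_domain(from_header):
    """Extract the domain of the address in a From: header value."""
    m = re.search(r"@([A-Za-z0-9.-]+)>?\s*$", from_header.strip())
    return m.group(1).lower() if m else ""

def classify(from_header, auth_results, no_auth_no_entry=False):
    signed = valid_dkim_domains(auth_results)
    if not signed:
        # A failed signature counts the same as no signature at all.
        if from_domain(from_header) in PHISHED_BRANDS:
            return "probably-phishing"
        return "blocked" if no_auth_no_entry else "unknown"
    # The signal is the reputation of the signing domain, not "has a signature".
    reps = {DOMAIN_REPUTATION.get(d, "unknown") for d in signed}
    if "bad" in reps:
        return "spam"
    return "good" if "good" in reps else "unknown"

SAMPLES = [  # constructed (From, Authentication-Results) pairs
    ("PayPal <service@paypal.com>", "mx.example.net; dkim=pass header.d=paypal.com"),
    ("Deals <a@spammy.example>", "mx.example.net; dkim=pass header.d=spammy.example"),
    ("PayPal <service@paypal.com>", "mx.example.net; dkim=fail header.d=paypal.com"),
    ("Bob <bob@small.example>", "mx.example.net; dkim=none"),
]

if __name__ == "__main__":
    for frm, ar in SAMPLES:
        print(f"{classify(frm, ar):18} {frm}")
```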