On 18/12/2023 10:18, ml+mailop--- via mailop wrote:
And it seems none of the extra requirements do anything against spam, because the spammers can (and do, see above) easily implement all of those.
DKIM (and SPF) aren't anti-spam measures, and have never been promoted as such. They're anti-forgery measures.
Spam filters handle reputation of things. One thing they can do is track reputation of sender domains. When forgery is possible, then that means that spammers can piggy-back on the good reputation of big companies like Google, Amazon, etc. They send mail pretending to be from someth...@amazon.com. There's no reliable way for the recipient to know that it's not actually from Amazon, so the recipient has to either:
- let the mail through (because it says it's from Amazon, so must be OK) - damage the reputation of Amazon (because spam comes from amazon.com) - or don't use the sender domain for reputation tracking, because it's unreliable
The first two options are obviously bad, and the third takes away a big tool from the anti-spam arsenal.
When you have SPF and/or DKIM, then you've essentially prevented forgery (yes, you may have introduced other problems, but that's by-the-by). So, it's irrelevant that spammers can implement these features - that's actually good - the spammers can't use a trustworthy sending domain to try to trick spam filters, so the spam filter can track the reputation of the REAL sending domain, and spammers get punished and the trustworthy domains (theoretically) don't.
Paul
_______________________________________________ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
