On 12.03.2025 at 13:30 Bierhoff, Florian via mailop wrote: Do you have any idea whether this downgrading is deliberate or just an automated consequence of the spammers being better at using ED25119 signatures ?
Hi Andrew, I sadly didn't get too much details on why and at which point the reputation goes down. I know, that the involved MTA marks the ED25119 signature verification result (even though it isn't actually verified) with an explicit 'fail' instead of 'neutral'. Analyzing the DMARC reports we received from this MTA we saw that the overall DKIM result ended up as a 'pass' though. My assumption is that some SPAM filter then sees this results, can't make much sense of it and marks the mail as SPAM. Kind regards, Florian Hello Florian, this sounds a little bit different than the original posting. A DKIM failure is a neutral result. As mentioned by others there are many MTAs which fail at validating Ed25519, but I‘m not aware that any of them would by default decrease the reputation of a domain because of this - although my insights are limited. The individual configuration of spam filters is an entirely different question though. People do all kind of stupid things with them. For example Cisco has a „golden“ message filter config for their Cloud Email Security which dumps all emails with failed DKIM signatures into a quarantine unreachable by the recipient: https://www.cisco.com/c/en/us/support/docs/security/cloud-email-security/210890-Configuration-Best-Practices-for-CES-ESA.html#toc-hId-1888025440 This specific example won‘t trigger on emails which additionally carry a valid RSA signature, but I wouldn’t be surprised if there are comparable filters elsewhere which do. Do you know which MTA is supposed to decrease the reputation because of an unknown DKIM signature? — BR Oliver ________________________________ dmTECH GmbH Am dm-Platz 1, 76227 Karlsruhe * Postfach 10 02 34, 76232 Karlsruhe Telefon 0721 5592-2500 Telefax 0721 5592-2777 [email protected]<mailto:[email protected]> * www.dmTECH.de<http://www.dmtech.de> GmbH: Sitz Karlsruhe, Registergericht Mannheim, HRB 104927 Geschäftsführer: Christoph Werner, Martin Dallmeier, Roman Melcher ________________________________ Datenschutzrechtliche Informationen Wenn Sie mit uns in Kontakt treten, beispielsweise wenn Sie an unser ServiceCenter Fragen haben, bei uns einkaufen oder unser dialogicum in Karlsruhe besuchen, mit uns in einer geschäftlichen Verbindung stehen oder sich bei uns bewerben, verarbeiten wir personenbezogene Daten. Informationen unter anderem zu den konkreten Datenverarbeitungen, Löschfristen, Ihren Rechten sowie die Kontaktdaten unserer Datenschutzbeauftragten finden Sie hier<https://www.dm.de/datenschutzerklaerung-kommunikation-mit-externen-493832>.
_______________________________________________ mailop mailing list [email protected] https://list.mailop.org/listinfo/mailop
