Re: [Ietf-dkim] What makes this posting different from the original posting?

2023-08-31 Thread Bron Gondwana
On Fri, Sep 1, 2023, at 12:49, Grant Taylor wrote:
> On 8/31/23 8:02 PM, Bron Gondwana wrote:
> > The classic case was that spam about V*gra was very common, but blocking 
> > that word in every anti-spam filter would create something that was 
> > really not fit for purpose for Pfizer to use for their email system.  
> > The sender and recipient really make a difference about what is spam - 
> > and as the sender you don't know who the end recipient is, because there 
> > are plenty of recipients.
> 
> I've seen -- what I consider to be -- too many systems -- read more than 
> zero -- that apply some amount of spam filtering to inbound messages and 
> no spam filtering on outbound messages.
> 
> I've also seen many of these systems wonder why they ended up black 
> listed when an account was compromised and someone was sending spam 
> through said system.
> 
> I feel like there should be basic spam filtering on outbound messages. 
> Even if it's as simple as logistical checks; making sure the from makes 
> sense, probably running the message through something like a default 
> configuration of SpamAssassin (without Bayes), and probably through 
> something like ClamAV.  Just basic sanity checking on messages.
> 
> Dare I say, I'd add SPF between the MSA and MTA.
> 
> Things to prevent blatant spam / viruses much closer to the -- likely to 
> be authenticated -- sender.
> 
> I'll say it this way, if there's a 90% chance that your inbound system 
> would block it, then why should your outbound system send it?

We do all that, we still have messages go out sometimes that are unwanted by 
the recipient, side effect of having hundreds of thousands of users, some of 
which get their accounts stolen, even before you have to deal with the other 
problem, bad actors signing up.

So replay of a single one of them and there goes the domain reputation.  I've 
already posted in this thread examples of things that could be phishing or a 
legit business email, not enough detail for us to tell.

Bron.

--
  Bron Gondwana, CEO, Fastmail Pty Ltd
  br...@fastmailteam.com

___
Ietf-dkim mailing list
Ietf-dkim@ietf.org
https://www.ietf.org/mailman/listinfo/ietf-dkim


Re: [Ietf-dkim] What makes this posting different from the original posting?

2023-08-31 Thread Dave Crocker

On 8/31/2023 7:23 PM, Bron Gondwana wrote:
> Now - there is a fact known to my system that's not known to yours (my 
> signed-in identity, which isn't br...@fastmailteam.com, and may not 
> appear at all other than an opaque header that other systems can't 
> parse).  So that's a fair call, there's asymmetric information both ways.


To the extent it can help the receiver, a hashed version of the address 
might be useful without divulging too much (though yes, I know that 
approach can be problematic.)


d/

--
Dave Crocker
Brandenburg InternetWorking
bbiw.net
mast:@dcrocker@mastodon.social


Re: [Ietf-dkim] What makes this posting different from the original posting?

2023-08-31 Thread Grant Taylor

On 8/31/23 8:02 PM, Bron Gondwana wrote:
> The classic case was that spam about V*gra was very common, but blocking 
> that word in every anti-spam filter would create something that was 
> really not fit for purpose for Pfizer to use for their email system.  
> The sender and recipient really make a difference about what is spam - 
> and as the sender you don't know who the end recipient is, because there 
> are plenty of recipients.


I've seen -- what I consider to be -- too many systems -- read more than 
zero -- that apply some amount of spam filtering to inbound messages and 
no spam filtering on outbound messages.


I've also seen many of these systems wonder why they ended up black 
listed when an account was compromised and someone was sending spam 
through said system.


I feel like there should be basic spam filtering on outbound messages. 
Even if it's as simple as logistical checks; making sure the from makes 
sense, probably running the message through something like a default 
configuration of SpamAssassin (without Bayes), and probably through 
something like ClamAV.  Just basic sanity checking on messages.


Dare I say, I'd add SPF between the MSA and MTA.

Things to prevent blatant spam / viruses much closer to the -- likely to 
be authenticated -- sender.


I'll say it this way, if there's a 90% chance that your inbound system 
would block it, then why should your outbound system send it?



> Fact: recipient spam filter has more information than sender spam filter
> Result: recipient spam filter can be more restrictive without causing 
> excess damage.


Yes, there is different data.

But there is still data on the sending side that can be used to perform 
basic checks.


> There's no hypocrisy in recognising the asymmetry, and designing with 
> that in mind.


I still think that it's hypocritical to have zero spam filtering on 
outbound email while having any spam filtering on inbound email.




--
Grant. . . .
unix || die



Re: [Ietf-dkim] What makes this posting different from the original posting?

2023-08-31 Thread Bron Gondwana
On Fri, Sep 1, 2023, at 11:33, Stephen Farrell wrote:
> 
> Hi Bron,
> 
> On 01/09/2023 02:02, Bron Gondwana wrote:
> > Fact: recipient spam filter has more information than sender spam filter
> 
> I've no axe to grind here, but wondered - is there e.g. a
> peer-reviewed publication that conclusively demonstrates
> that?

Probably not, because it's blindingly obvious - as you can see from the raw 
copy of this very message when you read it.  Fastmail's outbound spam scanner 
doesn't know that you'll receive this message, since the recipient address is 
"ietf-dkim@ietf.org", and it doesn't know for sure that you're a member of that 
list.

> Not saying that that's necessary, but I wondered. Reason
> to ask is that I'm not sure I understand how to compare the
> sender's (filter's) information vs. the receiver's in a
> partial order.

As I see Dave has already replied - there's all the extra headers showing the 
path it took, and if there were any mailing lists or alias expansions along the 
way, the receiving system knows the actual recipient mailbox where this may be 
not known at all by the sending system.

Strictly - there's a fact that's known to your system and not to mine.

Now - there is a fact known to my system that's not known to yours (my 
signed-in identity, which isn't br...@fastmailteam.com, and may not appear at 
all other than an opaque header that other systems can't parse).  So that's a 
fair call, there's asymmetric information both ways.

But - spam is in the eyes of the recipient, and for sure your system will have 
more information about whether you might want an email than my system will.

Bron.

--
  Bron Gondwana, CEO, Fastmail Pty Ltd
  br...@fastmailteam.com



Re: [Ietf-dkim] What makes this posting different from the original posting?

2023-08-31 Thread Dave Crocker

On 8/31/2023 6:02 PM, Bron Gondwana wrote:

> Fact: recipient spam filter has more information than sender spam filter


The key bit, I think, is that more has happened, by the time of 
receiving.  Namely more copies sent through bots, etc.


Anyhow, the limitations at the sending side are why I am now wondering 
about the sending side providing more information to the receiver, 
rather than just trying to detect and stop on their own.


d/

--
Dave Crocker
Brandenburg InternetWorking
bbiw.net
mast:@dcrocker@mastodon.social



Re: [Ietf-dkim] What makes this posting different from the original posting?

2023-08-31 Thread Stephen Farrell


Hi Bron,

On 01/09/2023 02:02, Bron Gondwana wrote:

> Fact: recipient spam filter has more information than sender spam filter


I've no axe to grind here, but wondered - is there e.g. a
peer-reviewed publication that conclusively demonstrates
that?

Not saying that that's necessary, but I wondered. Reason
to ask is that I'm not sure I understand how to compare the
sender's (filter's) information vs. the receiver's in a
partial order.

Ta,
S.




Re: [Ietf-dkim] What makes this posting different from the original posting?

2023-08-31 Thread Bron Gondwana
On Wed, Aug 30, 2023, at 12:38, Grant Taylor wrote:
> On 8/29/23 3:15 PM, Steve Atkins wrote:
> > Any attempt by senders to filter outbound emails based solely on 
> > content is going to have a lot of false negatives and positives, 
> > wherever you decide to draw the line.
> 
> I find the idea of using different, probably less stringent, filtering 
> on outbound than on inbound to be hypocritical.
> 
> I find it tantamount to someone saying they only accept the most 
> pristine message while sending less pristine, and sometimes really 
> tarnished, email.
> 
> Sure, there are some differences, e.g. lack of user preferences.
> 
> Why the asymmetry?
> 
> Why not apply the same filtering for outbound messages as applied to 
> inbound messages?

The classic case was that spam about V*gra was very common, but blocking that 
word in every anti-spam filter would create something that was really not fit 
for purpose for Pfizer to use for their email system.  The sender and recipient 
really make a difference about what is spam - and as the sender you don't know 
who the end recipient is, because there are plenty of recipients.

Fact: recipient spam filter has more information than sender spam filter
Result: recipient spam filter can be more restrictive without causing excess 
damage.

There's no hypocrisy in recognising the asymmetry, and designing with that in 
mind. 

Bron.

--
  Bron Gondwana, CEO, Fastmail Pty Ltd
  br...@fastmailteam.com
