On Jun 27, 2014, at 4:16 PM, Dave Crocker <[email protected]> wrote:
> On 6/27/2014 3:55 PM, Barry Leiba wrote: >> it seems that there's a .co.uk domain name >> used as an example in the charter text, that domain name is on a spam >> block list, and that caused a high spam score. > > What is especially frustrating is that it's a formally-legal/appropriate > example name. > > >> I've suggested that this represents a faulty spam rule: a blacklisted >> domain name in an address field should cause a high spam score, but it >> shouldn't do so when we're talking about the domain in the body of the >> message. > > Lots of spam can be detected by virtue of specific URLs that occur in > the body. So it's entirely reasonable that it was looking there. > > That said, yes, the ruleset for IETF mailing lists probably needs > tweaking, given the unusual nature of our content, with respect to > spam/anti-spam work. Dear Dave, Adjusting the spam filter is fine, but not the characterization of work at hand. Our company has had a fair amount of experience dealing with phishing, which DMARC helps to mitigate. In essence, this is not an anti-spam effort. Anti-spam is ineffective at dealing with the phishing problem which is why there is DMARC in the first place. It takes little effort for a malefactor to compose a phish not detected as spam. Anti-spam generally looks for advertising or reaching out with a contact with related statistics identifying various campaigns. There needs to be a mindset change about the problem, since it can't be measured or viewed as yet another spam issue. Much greater weight must be given to source validation. Phishing differs from the way spam is detected, which is why DMARC offers feedback. Only the DMARC domain is ever authoritative. They need to offer specific advice and NOT some spam reputation service. As I said, anti-spam does not work. We have tried and it completely failed. The payoff from a successful phish can be fairly high allowing much smaller numbers to be sent. Often the malefactors increase their success rates by knowing more about their victim which is often not done with most spam. If such weighing were done in this case, there should not have been a problem indicated with the proposed charter. Perhaps one day we will be able to eat our own dog food while using a mailing-list. Consider what can be done with the development of an informal federation where the From starts a chain of trust. The overhead is much smaller than most seem to imagine. As I said, we were doing this for each message received by several very large ISPs using only modest resources. Far less than that needed to sustain that of SPF, DKIM, or any reverse lookup. Only those very few messages failing DMARC alignment checks will require additional federation related info. In comparison. a piece of cake. Regards Douglas Otis _______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc
