On Mon, Dec 7, 2020 at 12:15 AM Murray S. Kucherawy <[email protected]> wrote:
> On Fri, Dec 4, 2020 at 7:58 PM Douglas Foster <[email protected]> wrote:
>
>> First, let's begin with the obvious: malicious messages come from
>> enterprises that are in the malicious message business. They rarely send
>> just one message, and their content changes continually. Therefore, my
>> priority is to block malicious sources. Messages that are correctly
>> blocked on content, rather than source, are the canary-in-the-mine which
>> warns me that my sender blocks need to be tightened.
>>
>
> I was under the impression from my work in the anti-spam world that
> sources also change. It's trivial to come from a new IP address or sign
> with a new domain name when I think you're blocking me. Thus, negative
> reputations are generally not useful to accumulate long term. On the
> contrary, the thing that's mostly reliable is static sources that have good
> reputations, because they tend to remain (mostly) static, and they work to
> preserve their reputations. I tend to give them preferential treatment.
>
>> If a message is not forwarded, every organization involved in its delivery
>> is assumed to have a relationship to the sender and therefore a shared
>> responsibility for the final product. DMARC, SPF, and many spam filters
>> assume that the adjacent MTA is the only source that needs to be evaluated.
>>
> This seems overly general. A message going from A to B to C to me here at
> Gmail means Gmail has a relationship with A?
>
>> Forwarding introduces an intermediary organization which presumably
>> operates on behalf of the recipient, rather than the sender. It is not
>> involved in the creation of the message and has no economic relationship
>> with most of the message sources. More importantly, because it will be
>> forwarding messages from sources with a variety of reputations, the
>> forwarder will be perceived as having a very unreliable reputation –
>> sending both very much unwanted content and very much wanted content from
>> the same or overlapping identifiers. SPF and DMARC force the forwarder to
>> reliably identify itself, but in this process, they force the forwarder to
>> hide information that the receiving MTA needs for proper message
>> filtering. This aggravates any effort to filter based on original-source
>> identity.
>>
> I'm also confused here, because it's ambiguous what you mean by
> Forwarder. Some forwarders simply replace the envelope and send the
> message on its way with no body modifications and only trace header field
> changes. They don't meet the definition you're describing because no
> details are hidden. Others, like MLMs, may mutate the message and re-post
> it, but I would argue that's not forwarding, that's a new message; the list
> is the originator.
>

If there were truly a consensus on the list being the originator then the
From would/should be from the list domain and a lot of the list as
intermediary issues would go away. As past discussions have shown, there is
not such a consensus.

Michael Hammer

_______________________________________________
dmarc mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dmarc
