On 12/13/22 6:35 AM, Murray S. Kucherawy wrote:

> This tactic appears to me to have three problems: (1) negative reputations are of little value to receivers, because attackers can easily shed them; (2) if I have to remember everything with a negative reputation for some undetermined period of time, I now have a resource problem; (3) I can just not sign my mail, because maybe no reputation is better than a negative one.

I don't understand #1. As in they can move to another service? Or what?

As for 3, it's pretty easy to cons up a new domain with fresh neutral reputation and still enjoy the supposed benefit of mail being signed for a while. If you factor SPF in, though, it probably gets harder because now you need not only a new domain, but the underlying network connectivity to avoid detection.

Which brings up a question: even though they pass on DKIM they should fail on SPF, right? For transactional email that seems like a big old red flag, right?


> In contrast, positive reputations are far fewer in number, far more valuable to collect and protect, and very likely last a lot longer. Giving preferential treatment to a domain that earns a positive reputation seems like a much better approach.

In both cases you need to keep track of both, as somebody with a bad rep might get better and one with a good rep might get worse, right? That is, this isn't static. Preferential, of course, is pretty subjective. I suspect that most of these filters operate much like SpamAssassin, which gives weights to various factors, so good and bad are both useful.

Mike
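Added example, not code from the thread or from any IETF or SpamAssassin project: a toy additive scorer of the SpamAssassin-like kind Mike describes, combining DKIM and SPF results with a per-domain reputation. It illustrates the points raised above: a valid signature from a freshly registered domain with neutral reputation earns nothing by itself, a positive reputation gives preferential (negative-score) treatment, DKIM-pass with SPF-fail on the same message adds points, and the reputation store is updated from feedback rather than being static. All weights, thresholds, domain names and reputation values are constructed assumptions for this example.

```python
"""Toy DKIM/SPF/reputation scorer (constructed example; not SpamAssassin's rules)."""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

SPAM_THRESHOLD = 5.0  # assumed threshold; higher total score = more likely spam


@dataclass
class AuthResults:
    """What a receiving MTA records for one message after DKIM and SPF checks."""
    dkim_pass: bool
    dkim_domain: Optional[str]  # d= tag of the verified signature, None if unsigned
    spf_pass: bool
    mailfrom_domain: str        # domain of the envelope sender (MAIL FROM)


@dataclass
class ReputationStore:
    """Per-domain reputation in [-1.0, 1.0]; unknown (fresh) domains are neutral (0.0).
    Reputations drift, so the store is updated from feedback instead of being fixed."""
    scores: Dict[str, float] = field(default_factory=dict)

    def get(self, domain: str) -> float:
        return self.scores.get(domain.lower(), 0.0)

    def update(self, domain: str, delta: float) -> float:
        new = max(-1.0, min(1.0, self.get(domain) + delta))
        self.scores[domain.lower()] = new
        return new


# Assumed weights. Positive values push toward "spam", negative toward "ham".
W_DKIM_GOOD_REP = -2.0  # scaled by a positive reputation: the preferential treatment
W_DKIM_BAD_REP = 3.0    # scaled by the magnitude of a negative reputation
W_UNSIGNED = 1.0        # not signing is not free, so "no reputation" is not a win
W_SPF_FAIL = 2.0
W_SPF_PASS = -0.5
W_MISALIGNED = 1.0      # DKIM d= domain and MAIL FROM domain differ


def score_message(auth: AuthResults, store: ReputationStore) -> Tuple[float, List[str]]:
    """Return (score, reasons). Only the signer's stored reputation matters; a valid
    signature from a neutral domain contributes nothing on its own."""
    score, reasons = 0.0, []
    if auth.dkim_pass and auth.dkim_domain:
        rep = store.get(auth.dkim_domain)
        if rep > 0:
            score += W_DKIM_GOOD_REP * rep
            reasons.append(f"signer {auth.dkim_domain} has positive reputation {rep:+.2f}")
        elif rep < 0:
            score += W_DKIM_BAD_REP * -rep
            reasons.append(f"signer {auth.dkim_domain} has negative reputation {rep:+.2f}")
        else:
            reasons.append(f"signer {auth.dkim_domain} is unknown: signature earns nothing")
        if auth.dkim_domain.lower() != auth.mailfrom_domain.lower():
            score += W_MISALIGNED
            reasons.append("DKIM d= and MAIL FROM domains are not aligned")
    else:
        score += W_UNSIGNED
        reasons.append("message is unsigned")
    if auth.spf_pass:
        score += W_SPF_PASS
    else:
        score += W_SPF_FAIL
        reasons.append(f"SPF fail for {auth.mailfrom_domain}")
    return round(score, 4), reasons


def is_spam(score: float) -> bool:
    return score >= SPAM_THRESHOLD


def demo() -> Dict[str, float]:
    """Score four constructed messages, then re-score after a reputation change."""
    store = ReputationStore({"bank.example": 0.9, "spammy.example": -0.8})
    cases = {
        "established_both_pass": AuthResults(True, "bank.example", True, "bank.example"),
        "fresh_dkim_only": AuthResults(True, "new-domain.example", False, "new-domain.example"),
        "known_bad_dkim_only": AuthResults(True, "spammy.example", False, "spammy.example"),
        "unsigned_spf_fail": AuthResults(False, None, False, "random.example"),
    }
    results = {name: score_message(auth, store)[0] for name, auth in cases.items()}
    # Reputation is not static: after complaints the established domain loses ground.
    store.update("bank.example", -0.3)
    results["established_after_complaint"] = score_message(cases["established_both_pass"], store)[0]
    return results


if __name__ == "__main__":
    for name, score in demo().items():
        print(f"{name:30s} {score:+.2f}  spam={is_spam(score)}")
```

The design choice worth noting is that a DKIM pass is never rewarded on its own: it only attaches the signer's reputation, which is neutral for a fresh domain. That removes most of the incentive to shed a bad domain for a new one, while SPF failure and misalignment still add points on the same message.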

_______________________________________________
Ietf-dkim mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ietf-dkim