> On 5 Aug 2023, at 02:43, Jesse Thompson <[email protected]> wrote:
> 
> On Thu, Aug 3, 2023, at 11:08 AM, Laura Atkins wrote:
>> I agree with this and have been working to recruit folks to come here. I’ll 
>> also be in Brooklyn and pitching the need for participation in the IETF 
>> working group from folks in the email space who are seeing issues with this. 
> 
> I'll be there and interested in participating. As an ESP/infrastructure 
> provider I can say that we are "having" the issue, but can't say that we 
> are "seeing" the issue since visibility is only available to anti-spammers, and 
> domain owners (who receive DMARC reports). 

A big driver of the work is actually Google. As I understand it, they are 
having issues because the replay attackers are successfully stealing reputation 
of otherwise good senders in order to bypass some spam filtering. The replay 
attackers aren’t sending what we commonly think of as spam through the signers 
- as the message is sent to one recipient (not bulk) and it is opt-in (that 
recipient wants and has asked for the mail). 

> I recall various assertions that the reason why DMARC has been successful is 
> primarily because of the Reporting benefits (and I certainly agree with this 
> assertion from my background as an enterprise domain owner), while the 
> Conformance benefits seem to be more elusive (as evidenced by the 
> inconsistent adoption by receivers and the debates around interoperability 
> issues with indirect mail streams). Of course, the Authentication benefits 
> are provided by DKIM/SPF, and yet DKIM signers have no standard mechanism to 
> receive reports of how their signatures are being misused. 
> 
> If people think that Reporting is the reason why DMARC has been successful, 
> then could we conclude that the lack of Reporting to DKIM signers is a 
> problem worth addressing?

That’s an interesting thought. I’m thinking the next step down - will it help 
minimize the problem for senders? i.e., would reporting be fast enough that they 
could revoke a key? What might a report look like? 

laura 

-- 
The Delivery Expert

Laura Atkins
Word to the Wise
[email protected]

Delivery hints and commentary: http://wordtothewise.com/blog    






_______________________________________________
Ietf-dkim mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ietf-dkim
