Hello,
On Mon, Dec 18, 2023 at 01:01:58PM +0200, Taavi Eomäe via mailop wrote:
> > And it seems none of the extra requirements do anything against
> spam, because the spammers can (and do, see above) easily implement
> all of those.
>
> I get the impression you can't see the forest for the trees. These methods
> being easy to implement is exactly the goal. Once majority of mail is
> properly authenticated more effective methods can be used to fight spam
While I do think that without SPF and DKIM, the spam problem would
be lots worse right now, we are somewhat stymied by the fact that
the foundation of authentication at present is the domain name.
Which are trivially cheap, and keep growing in availability.
For email there is no easy fix for that and it leads us towards a
future where just DKIM-signing as an existing domain name with no
negative reputation is not enough, since you share that same level
of reputation with countless other spammer domains minted on the
same day. Some would say we are already there, with "your domain
doesn't have enough positive reputation" being a "reason" for a
non-delivery.
Maybe at some point in the near future senders will not only want to
DKIM-sign with the aligning domain name but also their other,
more-established domains, to show the link between them and
assert that some new domain should be treated the same?
If that happens, some will say it's another requirement, another
frog-boiling exercise, but it's just the way things are being
driven. The problems can't be simply ignored.
In other news, I read that Gmail and the Linux Kernel Mailing List
got into a staring competition over rate of email sending, and LKML
blinked first, in deciding to reduce the amount of email they send:
https://lwn.net/Articles/950567/
Now, in the linked email from Konstantin, Konstantin does say that
reducing the amount of mail sent would make the list generally more
readable, and only then goes on to mention Gmail's policies twice,
so we might think this is not primarily about Gmail. However, in the
comments section Konstantin also adds:
> Having mail in the queue for retry is not a problem.
Yes, it's a problem, because the person [at Gmail] then cannot
receive *any* mail from us. When Greg KH used to send
rapid-succession stable patchbomb series of 100-500 messages to
linux-kernel, that meant nobody at gmail who is subscribed to
LKML was able to receive any mail from us until their quotas
cooled off. Thankfully, Greg doesn't do that any more after
switching to the dedicated patches list.
Huge queues also degrade performance, but it's less of a
concern for us because Postfix is pretty good at managing huge
queues and the systems that are sending out these mails are
very beefy.
Gmail publishes its rate-limits and they've always been there.
They're not part of SMTP though; they're a Gmail policy. One can
have views on whether a mailing list with 30k messages a month is
sane, but people opted in to receive that mail and it's not spam.
LKML has decided to change its behaviour, rather than just tell
Gmail users to deal with it.
So we all have to change our behaviours sometimes and a lot of the
time that change is going to be forced by the giant mailbox
providers.
Thanks,
Andy
--
https://bitfolk.com/ -- No-nonsense VPS hosting
_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
