Hello, On Mon, Dec 18, 2023 at 01:01:58PM +0200, Taavi Eomäe via mailop wrote: > > And it seems none of the extra requirements do anything against > spam, because the spammers can (and do, see above) easily implement > all of those. > > I get the impression you can't see the forest for the trees. These methods > being easy to implement is exactly the goal. Once majority of mail is > properly authenticated more effective methods can be used to fight spam
While I do think that without SPF and DKIM, the spam problem would be lots worse right now, we are somewhat stymied by the fact that the foundation of authentication at present is the domain name. Which are trivially cheap, and keep growing in availability. For email there is no easy fix for that and it leads us towards a future where just DKIM-signing as an existing domain name with no negative reputation is not enough, since you share that same level of reputation with countless other spammer domains minted on the same day. Some would say we are already there, with "your domain doesn't have enough positive reputation" being a "reason" for a non-delivery. Maybe at some point in the near future senders will not only want to DKIM-sign with the aligning domain name but also their other, more-established domains, to show the link between them and assert that some new domain should be treated the same? If that happens, some will say it's another requirement, another frog-boiling exercise, but it's just the way things are being driven. The problems can't be simply ignored. In other news, I read that Gmail and the Linux Kernel Mailing List got into a staring competition over rate of email sending, and LKML blinked first, in deciding to reduce the amount of email they send: https://lwn.net/Articles/950567/ Now, in the linked email from Konstantin, Konstantin does say that reducing the amount of mail sent would make the list generally more readable, and only then goes on to mention Gmail's policies twice, so we might think this is not primarily about Gmail. However, in the comments section Konstantin also adds: > Having mail in the queue for retry is not a problem. Yes, it's a problem, because the person [at Gmail] then cannot receive *any* mail from us. When Greg KH used to send rapid-succession stable patchbomb series of 100-500 messages to linux-kernel, that meant nobody at gmail who is subscribed to LKML was able to receive any mail from us until their quotas cooled off. Thankfully, Greg doesn't do that any more after switching to the dedicated patches list. Huge queues also degrade performance, but it's less of a concern for us because Postfix is pretty good at managing huge queues and the systems that are sending out these mails are very beefy. Gmail publishes its rate-limits and they've always been there. They're not part of SMTP though; they're a Gmail policy. One can have views on whether a mailing list with 30k messages a month is sane, but people opted in to receive that mail and it's not spam. LKML has decided to change its behaviour, rather than just tell Gmail users to deal with it. So we all have to change our behaviours sometimes and a lot of the time that change is going to be forced by the giant mailbox providers. Thanks, Andy -- https://bitfolk.com/ -- No-nonsense VPS hosting _______________________________________________ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop