-- Mark Andrews > On 6 Jul 2025, at 09:01, Tim Howe via NANOG <[email protected]> wrote: > > One of the biggest problems I face is that spamming is largely accepted > as perfectly normal for some groups. > > Convince marketing people that they shouldn't be able to just email everyone > they can identify about anything they want and it just doesn't compute. > > I get more spam directly from Salesforce's network than anywhere else because > it's > a service their customers expect them to supply. > > Have fun fighting that. > > --TimH > >> On Sat, 5 Jul 2025 18:44:05 -0400 >> Barry Shein via NANOG <[email protected]> wrote: >> >> At the 2003 MIT Spam Conference there were two keynotes, myself and >> someone else who is highly esteemed in the e-mail world. >> >> They spoke about these various emerging (in 2003) authentication >> methods and I asked a question like any participant which echoed >> what's being said below: Aren't the bad guys just going to learn how >> to make their email authenticated? So all I know, with great >> certainty, is this email is from Phishing R Us, Inc? >> >> The answer was, well of course, but this will all work because we will >> also develop reputation systems. >> >> That was 2003, nearly a quarter century ago. >> >> Unfortunately too many of the problems on the internet were solved on >> paper (i.e., RFCs and their ilk) 20, 30, 40...years ago. >> >> But nothing came of them because writing down a clever engineering >> hack is a lot easier than herding a billion cats but the >> organizational structures lean heavily in favor of the "let's write up >> another clever engineering hack!" crowd. >> >> Put another way: Why is there no economics behind solving any of this? >> >> In other areas like, e.g., creditworthiness vast infrastructures have >> been built and maintained and seem to work well enough to keep the >> lenders afloat (actually, to keep them among the wealthiest in all of >> world history.) >> >> But this stuff remains mostly a volunteer effort except where someone >> can maybe spin up a consultancy or customized service but it's always >> tiny in the scheme of things. >> >> Follow the money? Apparently there is no money to follow! >> >>> On July 5, 2025 at 16:11 [email protected] (John Levine via NANOG) >>> wrote: >>> It appears that Michael Thomas via NANOG <[email protected]> said: >>>> Email doesn't even have that. Thunderbird, which is what I use, has >>>> precisely *nothing* to say about DKIM/SPF/DMARC. >>> >>> Well, yeah. As you surely know as well as anyone, if a message is >>> authenticated that tells you nothing about whether it's mail you want >>> or mail that's malicious. For that you need a reputation system that >>> knows something about the domain that's authenticated. That seems a lot >>> easier to do at delivery time and put the bad ones in the Junk folder, >>> or don't deliver them at all. >>> >>>> Do you have any visibility into, say, MAAWG and why they don't take this >>>> up as a standards effort? >>> >>> Honestly, they'd just laugh. It's not a new idea, and there is a great >>> deal of experience that says asking users to make security decisions in >>> the UI mostly adds confusion. >>> >>> On the other hand, if you use Thunderbird, I don't think it'd be very >>> hard to write a plugin that looks at the Authentication-Results: >>> header and adds locks or skulls and crossbones to the message display. >>> Try it, tell us how you like it. >>> >>> You can start with this one: >>> >>> https://addons.thunderbird.net/en-US/thunderbird/addon/dkim-verifier/ >>> >>> R's, >>> John >>> _______________________________________________ >>> NANOG mailing list >>> https://lists.nanog.org/archives/list/[email protected]/message/ZKODZNYV5ZDW322P6IU52G56SSYTCCWN/ >>> >> > > _______________________________________________ > NANOG mailing list > https://lists.nanog.org/archives/list/[email protected]/message/JZFJX3FAFGMQFDWNWTG3LWTIZIZIUUBB/
_______________________________________________ NANOG mailing list https://lists.nanog.org/archives/list/[email protected]/message/HXMHPZEYKHZILZB2MJRYKBJHB6SBN6V2/
