> I can't see how what you described could
> possibly scale to anything a large email provider would ever do, ...

This argument is going into the weeds. The question is whether the information in Received headers is useful for mail system management (which is not a synonym for spam filtering) and your apparent assertion that it only matters what giant mail systems do is pretty creepy.

> Do you seriously think that Google has special-case header parsing to deal
> with spam from Cornell students' infected computers? No, they just use
> machine learning.

Unfortunately, due to NDAs I can't talk about Google's spam filtering.

> SPF allows me to discard all messages that claim to be from domain X but come
> from IP addresses not listed for domain X,

Yeah, we know what SPF does, and the many and wonderful ways that it doesn't quite do what it's supposed to. But since nobody has ever said that we use Received headers for sender authorization, there's still no point here.

> And if the site _is_ trustworthy, then modulo a few small exceptions
> like Cornell, it's not originating anything that can be reasonably
> identified as spam, because if it could have been reasonably
> identified as spam, it would never have been forwarded.

Aw, come on. I get plenty of spam from Gmail and Yahoo, all of which is 100% SPF, DKIM, and DMARC compliant and has 100% real Received headers. Unless you are extremely unusual, you do too. Crooks sign up for public mail systems to send spam, and on mail systems of all sizes they steal or guess AUTH credentials to spam through compromised accounts, or compromise web servers and spam through buggy old Drupal and WordPress setups.

>> We don't use header chains for validation, we use it to figure out who
>> to blame, who to alert, and who to block.
>
> I don't know who "we" is here. Is this really how Google, et al., operate?

I can't talk about Google, but I can tell you from direct experience working around their DMARC damage that some other large mail systems use Received headers as part of their spam filtering process, which is not just checking sender authorization.

Some of us go to conferences like MAAWG where we spend a lot of time talking to people who run all sorts of medium and large mail systems, and other conferences where we talk about security problems and responses to them with various combinations of cops and nerds.

It's OK that you're not as familiar with all this stuff, just as I am not as familiar with a lot of the DNS and IPv6 stuff you do. But you might consider the possibility that we actually do know something about the areas in which we work.

R's,
John
