On Thursday, December 10, 2015 7:16 AM, John Levine wrote: > ... > >The real question is: would spam filters still be able to do a good > >enough job if we removed these things? > > No, it's not. The question is whether there would be an overall gain in users' > privacy since providers would likely be less able to combat phishing and > other privacy attacks. > > Spam filtering is just part of it, and in this case not where the most important > effects would be.
I am not sure I understand correctly, but it seems the reference to phishing is in the context of "impersonated users." Bob receives a mail that appears to come from "[email protected]." Everything matches, SPF, DKIM, DMARC. So Bob actually believes the mail comes from Alice, and opens the attachment. But the mail actually comes from the evil Eve, who somehow managed to acquire Alice's password, and submitted the phishing message by authenticating as Alice to Alice's MSA. In that context, if Bob's UA notices that the submission IP comes from Upper Nowheristan instead of the usual Mirrorland, Bob's UA could pop up a warning, or block the message. Is that a correct summary of the concern? -- Christian Huitema _______________________________________________ Shutup mailing list [email protected] https://www.ietf.org/mailman/listinfo/shutup
