Incoming SMTP in the year 2017 and absence of DKIM
owen at delong.com
Thu Nov 30 19:16:09 CST 2017
> On Nov 30, 2017, at 10:28 , John Levine <johnl at iecc.com> wrote:
> In article <B9B24A4F-B0B0-484E-9039-0F68556DE014 at delong.com> you write:
>>> Or, for a more empirical way to look at it, there's reasonable correlation
>>> between having missing, generic or incorrect reverse DNS and the host
>>> being a source of unwanted or malicious email.
>> I’m not so sure about that.
> It's a one way correlation. If the rDNS is busted, you can be pretty
> sure you don't want the mail. If the rDNS is OK, you need more clues.
Pretty sure, but far from certain.
Even this one-way correlation is rather tenuous. It’s mostly harmless because
everyone knows that mail servers are filtering on this basis and legitimate
senders therefore force themselves into workarounds.
In an ideal world, I wouldn’t mind accepting email from Bj0rn’s laptop directly,
but today, the price of doing so in SPAM is just too high, so I don’t.
Fortunately for everyone’s sake, Bj0rn, while he may not like it, seems to find
a way to send his email via some mechanism that allows me to receive it from
a host that has working rDNS.
>> Unfortunately, until we get widespread deployment of something better than IP reputation based
>> systems, ...
> You might take a look at how current spam filters work. Spamassassin
> is as good an example as any. It does dynamic weighted scoring of a
> lot of factors, of which IP reputation is only one. I find that I can
> use conservatively run IP blacklists as a cheap prepass to avoid
> sending the mail to spamassassin at all, but there's a lot more than
> IP by the time the mail does or does not get delivered. DKIM is
> useful if you have opinions about the reputations of the signing domains,
> not purely by whether there's a signature.
Spamassassin is as good an example as any and while it can be effective if you’ve
got the cycles to keep it constantly updated and fed with new information and…,
it’s a rather large PITA for a small site with an admin that needs to count on
most things running on autopilot most of the time in order to survive.
So, while it might be a higher-quality solution, I’d argue that it’s not completely
“better” in that any autopilotable configuration of it involves a high degree of
false negatives or an unacceptable level of false positives.
>> Perhaps this is simply the inherent cost of maintaining an open communications infrastructure with
>> a low barrier to entry and the potential for anonymous communications which I believe has value
>> to society and should be preserved. Perhaps someone smarter than I will some day develop a better
> It seems to be an axiom that any community large enough to be
> interesting is large enough to contain people who are malicious, so
> even requiring that people be identified won't help.
People who want to be malicious are usually less willing to do so if they know that
they will be identified, so actually, it does help.
i.e. rarely do bank robbers sign their names to the robbery note.
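
The rDNS test and cheap prepass discussed in this thread, as an added example that is not part of the original post or of any poster's configuration. The function names, the DNS data and the policy table are constructed assumptions, and the "generic" test is a simple IPv4-only heuristic.

```python
import ipaddress
import re

# Constructed DNS data (documentation prefixes, example domains). A real
# filter would query a resolver; these dicts keep the example offline.
PTR = {
    "192.0.2.10": "mail.example.org",
    "192.0.2.77": "192-0-2-77.dyn.example.net",
    "198.51.100.5": "mx.example.com",
}
A = {
    "mail.example.org": {"192.0.2.10"},
    "192-0-2-77.dyn.example.net": {"192.0.2.77"},
    "mx.example.com": {"203.0.113.9"},  # forward lookup points elsewhere
}

# Assumed site policy: busted rDNS is refused, working rDNS only earns a
# content scan. A site that finds this too strict can map states to "scan".
POLICY = {"missing": "reject", "incorrect": "reject",
          "generic": "reject", "ok": "scan"}

def looks_generic(ip, name):
    """True when the PTR name embeds all four octets of the address, the
    usual shape of provider-assigned pool hostnames (IPv4 only)."""
    nums = {int(n) for n in re.findall(r"\d+", name)}
    return all(octet in nums for octet in ipaddress.IPv4Address(ip).packed)

def classify_rdns(ip, ptr=PTR, fwd=A):
    """Return 'missing', 'incorrect', 'generic' or 'ok' for a client IP."""
    name = ptr.get(ip)
    if name is None:
        return "missing"
    if ip not in fwd.get(name, set()):
        return "incorrect"  # PTR exists but is not forward-confirmed
    if looks_generic(ip, name):
        return "generic"
    return "ok"

def prepass(ip, dnsbl=frozenset(), policy=POLICY):
    """Cheap decision taken before the message reaches a content filter."""
    if ip in dnsbl:
        return "reject"
    return policy[classify_rdns(ip, PTR, A)]
```
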