[139981] in North American Network Operators' Group


Re: gmail dropping messages

daemon@ATHENA.MIT.EDU (J.D. Falk)
Tue Apr 26 20:08:27 2011

From: "J.D. Falk" <jdfalk-lists@cybernothing.org>
In-Reply-To: <4DB5AB68.1030406@ll.mit.edu>
Date: Tue, 26 Apr 2011 17:08:16 -0700
To: North American Network Operators Group <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

On Apr 25, 2011, at 10:12 AM, Jeff Mitchell wrote:

> If you trust the issued certificates(!) being used to sign the mail, you
> at least have a good indication that the spam is coming from the domain
> that it says it's coming from. This can make spam blocking much more
> effective because instead of simply hoping that a domain-based blocklist
> will block spam and not ham (due to spoofed sender addresses), you have a
> pretty good feeling that this will be the case.
>
> Of course this relies on various other bits and pieces to fall into
> place, such as properly handling such messages (Gmail's detection and
> handling rules aren't public AFAIK), CAs not being compromised, etc. Not
> to mention that the spammers can simply register another domain and buy a
> new cert -- but then the argument above still holds.

DKIM doesn't use purchased certificates.  It's all self-signed.

As for catching spammers, using d= as an identifier is more effective at
finding the good stuff than the bad stuff.  So if this list were signed by
nanog.org, we (or our reputation systems) could all recognize that mail
signed d=nanog.org rarely resulted in user complaints, and thus it must be
mail the users want to receive; conversely, mail which spoofs nanog.org but
is not signed can safely* be stored in the big bit bucket in the cloud.

--
J.D. Falk
the leading purveyor of industry counter-rhetoric solutions

* assuming nanog.org signs ALL mail -- but that's another long discussion
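
The reputation logic described in the message above, as an added example (not part of the original post and not any receiver's actual system). It keys complaint statistics on the verified d= domain and discards unsigned mail only for domains listed as signing all of their mail. The class name, thresholds, `signs_all` set and the verifier name mx.example.net are assumptions made for illustration.

```python
import re
from collections import defaultdict
from email import message_from_string
from email.utils import parseaddr

# Assumption: the receiver's own verifier checked the signature and recorded
# the result in Authentication-Results; copies added by other hosts were stripped.
DKIM_PASS = re.compile(r"\bdkim=pass\b[^;]*?\bheader\.d=([A-Za-z0-9.-]+)", re.I)

def verified_domains(msg):
    """d= domains whose DKIM signature verified on this message."""
    found = set()
    for value in msg.get_all("Authentication-Results", []):
        found.update(d.lower() for d in DKIM_PASS.findall(value))
    return found

class DomainReputation:
    """Complaint statistics keyed on the verified signing domain (hypothetical)."""
    def __init__(self, min_volume=3, max_complaint_rate=0.05):
        self.seen = defaultdict(int)
        self.complaints = defaultdict(int)
        self.min_volume = min_volume
        self.max_complaint_rate = max_complaint_rate

    def record(self, raw, complained):
        for d in verified_domains(message_from_string(raw)):
            self.seen[d] += 1
            self.complaints[d] += int(complained)

    def is_wanted(self, d):
        n = self.seen.get(d, 0)
        return n >= self.min_volume and self.complaints[d] / n <= self.max_complaint_rate

    def classify(self, raw, signs_all=frozenset()):
        msg = message_from_string(raw)
        signed = verified_domains(msg)
        if any(self.is_wanted(d) for d in signed):
            return "deliver"   # signed by a domain users rarely complain about
        from_dom = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
        if from_dom in signs_all and from_dom not in signed:
            return "discard"   # claims a sign-everything domain, no valid signature
        return "filter"        # no reputation signal: normal content filtering

def sample(from_addr, d=None):
    """Constructed test message; mx.example.net is a placeholder verifier name."""
    result = f"dkim=pass header.d={d}" if d else "dkim=none"
    return (f"Authentication-Results: mx.example.net; {result}\n"
            f"From: {from_addr}\nSubject: test\n\nbody\n")
```

A failed or absent signature never counts against a domain here: the d= value only feeds the statistics when verification passed.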

