jwz
Taking a stroll through my spam folder, I saw a bunch of legitimate messages from people and companies with their own domains, that are not publishing DMARC and SPF records. Surely everyone (and by everyone I mean Google) is rejecting their mail? How do they not realize this?
Then I noticed that one of them was received *from* gmail, so their mail probably works fine so long as they only mail gmail users. But another was via Yahoo, so that doesn't track.
https://jwz.org/b/ykk8
mx alex tax1a - 2020 (5)
@jwz @grumpybozo just one more public key in a TXT record, that'll fix email, just gotta add one more TXT record bro
jwz
@grumpybozo Wow, that's amazing. Great job everybody! So glad we spent so much time implementing all of that crap!
🆘Bill Cole 🇺🇦
@jwz The stats we collect for the #SpamAssassin project (mass-scan results from participating sites) have long shown that spammers are more consistent at making SPF, DKIM, and DMARC correct than are legitimate senders. DMARC in particular has no discernible benefit for most senders, so it is a useless signal.
Rejecting mail based solely on authentication failures of those deeply flawed authentication methods does more harm than good.
mx alex tax1a - 2020 (5)
@grumpybozo @jwz and don't get us started on how dnssec is untroubleshootable garbage whose main failure mode is to turn your entire domain into an unresolvable sinkhole
🆘Bill Cole 🇺🇦
@atax1a @jwz It is a frustration that for DKIM, DMARC, and SPF to be as trustworthy as possible, one must deploy DNSSEC correctly and defend one's domain against any threat to its reputation but all the spammers need to do is buy a cheap domain with any old garbage DNS and get a handful of records right.
GNU social JP is a social network, courtesy of GNU social JP管理人. It runs on GNU social, version 2.0.2-dev, available under the GNU Affero General Public License.
All GNU social JP content and data are available under the Creative Commons Attribution 3.0 license.