Internet and e-mail policy and practice
including Notes on Internet E-mail


2015
Months
May

Click the comments link on any story to see comments or add your own.


Subscribe to this blog


RSS feed


Home :: Email

11 May 2015

The theory of e-mail reputation Email

The IETF is once again wrestling with e-mail authentication and reputation, this time in the context of DMARC, particularly the long running issue of DMARC vs. mailing lists. We have a bunch of proposals with various techniques of signing messages, asking various parties who is authorized to send what. Some of them seem workable, but a lot aren't. I have found that a few basic rules that apply to any reputation scheme make it a lot easier to evaluate whether a proposal can work.

Assume a simplified world with Good and Bad senders sending mail to Recipients.

The Fundamental Axiom of E-mail Reputation

You cannot say good things about yourself, only neutral or bad things.

This actually isn't an axiom, but rather a lemma since it is easily proved by contradiction. Assume a Good sender can assert something that makes it better than all Bad senders. But anything a Good sender can say, a Bad sender can also say. Hence a Bad sender can assert something that makes it better than itself, a contradiction, so the assumption was false. Q.E.D.

An example of a neutral thing is a DKIM signature, which only says "this is me." The recipient needs some extra information from somewhere else, the receiver itself or a third party, for it to be useful and to decide whether "me" is Good or Bad.

A corollary of the axiom/lemma is that good external assertions have to come from third parties. Add to this the observations that third parties have to be trusted for their assertions to be useful, and that establishing trust relationships is hard, and we get:

Schemes that depend on multiple third parties do not scale.

This means, for example, that a system that depends on mailing lists all registering themselves somewhere is unworkable. Partly that's because getting the desirable lists to sign up is hard since they usually have better things to do, while spammers and sleazy mailers will spend unlimited effort to sign up for anything that might improve their deliverability by 0.1%.

A scheme where a single third party holds reputation information about many senders can work, but that wanders off into the world of economics: Spamhaus provides large amounts of reputation information, and they are viable in the long term because that information is valuable enough that people pay for it. (Small users get it free, but big ones pay, usually quite cheerfully.) In the case of mailing lists, a third party whitelist of mailing lists would be technically doable, but there's no money to support it and history has shown that unpaid volunteer efforts, no matter how well intentioned, rarely last long.

I think there's another axiom here about schemes that depend on receivers managing their own data, e.g., the mailing lists they know about, but other than a vague sense that it can work, and that it's different for large receivers with lots of local data and small receivers without, it's not yet clear what it is.


  posted at: 00:06 :: permanent link to this entry :: 0 comments
Stable link is https://jl.ly/Email/theoryrep.html

Topics


My other sites

Who is this guy?

Airline ticket info

Taughannock Networks

Other blogs

CAUCE
It turns out you don’t need a license to hunt for spam.
201 days ago

A keen grasp of the obvious
Italian Apple Cake
759 days ago

Related sites

Coalition Against Unsolicited Commercial E-mail

Network Abuse Clearinghouse

My Mastodon feed



© 2005-2024 John R. Levine.
CAN SPAM address harvesting notice: the operator of this website will not give, sell, or otherwise transfer addresses maintained by this website to any other party for the purposes of initiating, or enabling others to initiate, electronic mail messages.