11 May 2015
The IETF is once again wrestling with e-mail authentication and reputation, this time in the context of DMARC, particularly the long-running issue of DMARC vs. mailing lists. We have a bunch of proposals with various techniques of signing messages, asking various parties who is authorized to send what. Some of them seem workable, but a lot aren't. I have found that a few basic rules that apply to any reputation scheme make it a lot easier to evaluate whether a proposal can work.
Assume a simplified world with Good and Bad senders sending mail to Recipients.
This actually isn't an axiom, but rather a lemma since it is easily proved by contradiction. Assume a Good sender can assert something that makes it better than all Bad senders. But anything a Good sender can say, a Bad sender can also say. Hence a Bad sender can assert something that makes it better than itself, a contradiction, so the assumption was false. Q.E.D.
An example of a neutral thing is a DKIM signature, which only says "this is me." The recipient needs some extra information from somewhere else, the receiver itself or a third party, for it to be useful and to decide whether "me" is Good or Bad.
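The DKIM point above as an added example (not from the original post): a receiver that treats a passing DKIM signature only as an identity and takes the Good/Bad verdict from its own data. The domains, the `mx.receiver.example` verifier name, the reputation table and the `X-Sender-Is-Good` header are all constructed assumptions.

```python
import email
import re
from email import policy

# Receiver-local reputation data (constructed for this example). This is the
# "extra information from somewhere else"; no message can supply it for itself.
LOCAL_REPUTATION = {"lists.example.org": "good", "bulk.example.net": "bad"}
AUTHSERV_ID = "mx.receiver.example"  # assumed name of the receiver's own verifier

DKIM_PASS = re.compile(r"\bdkim=pass\b[^;]*?\bheader\.d=([A-Za-z0-9.-]+)", re.I)

def verified_domains(msg):
    """d= domains with dkim=pass, read only from our own verifier's
    Authentication-Results headers; any other copy is sender-supplied text."""
    domains = []
    for value in msg.get_all("Authentication-Results", []):
        authserv, _, results = str(value).partition(";")
        if authserv.strip().lower().split(" ")[0] == AUTHSERV_ID:
            domains += [d.lower().rstrip(".") for d in DKIM_PASS.findall(results)]
    return domains

def classify(raw):
    msg = email.message_from_string(raw, policy=policy.default)
    # X-Sender-Is-Good and similar self-assertions are never consulted:
    # anything a Good sender can say, a Bad sender can say too.
    verdicts = {LOCAL_REPUTATION.get(d, "unknown") for d in verified_domains(msg)}
    for verdict in ("bad", "good"):
        if verdict in verdicts:
            return verdict
    return "unknown"  # signed or not, "me" means nothing without outside data

def sample(domain, authserv=AUTHSERV_ID):
    """Constructed message; every sample carries the same self-assertion."""
    return (f"Authentication-Results: {authserv}; dkim=pass header.d={domain}\n"
            f"X-Sender-Is-Good: yes\nFrom: someone@{domain}\n"
            "Subject: hello\n\nbody\n")

if __name__ == "__main__":
    for d in LOCAL_REPUTATION.keys() | {"new.example.com"}:
        print(d, "->", classify(sample(d)))
```

All three sample messages carry the same valid signature result and the same self-assertion; only the receiver's table separates them.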
A corollary of the axiom/lemma is that good external assertions have to come from third parties. Add to this the observations that third parties have to be trusted for their assertions to be useful, and that establishing trust relationships is hard, and we get:
This means, for example, that a system that depends on mailing lists all registering themselves somewhere is unworkable. Partly that's because getting the desirable lists to sign up is hard since they usually have better things to do, while spammers and sleazy mailers will spend unlimited effort to sign up for anything that might improve their deliverability by 0.1%.
A scheme where a single third party holds reputation information about many senders can work, but that wanders off into the world of economics: Spamhaus provides large amounts of reputation information, and they are viable in the long term because that information is valuable enough that people pay for it. (Small users get it free, but big ones pay, usually quite cheerfully.) In the case of mailing lists, a third party whitelist of mailing lists would be technically doable, but there's no money to support it and history has shown that unpaid volunteer efforts, no matter how well intentioned, rarely last long.
I think there's another axiom here about schemes that depend on receivers managing their own data, e.g., the mailing lists they know about, but other than a vague sense that it can work, and that it's different for large receivers with lots of local data and small receivers without, it's not yet clear what it is.
© 2005-2020 John R. Levine.