Home page logo

nanog logo nanog mailing list archives

Re: gmail dropping mesages
From: "J.D. Falk" <jdfalk-lists () cybernothing org>
Date: Tue, 26 Apr 2011 17:08:16 -0700

On Apr 25, 2011, at 10:12 AM, Jeff Mitchell wrote:

If you trust the issued certificates(!) being used to sign the mail, you at least have a good indication that the 
spam is coming from the domain that it says it's coming from. This can make spam blocking much more effective because 
instead of simply hoping that a domain-based blocklist will block spam and not ham (due to spoofed sender addresses), 
you have a pretty good feeling that this will be the case.

Of course this relies on various other bits and pieces to fall into place, such as properly handling such messages 
(Gmail's detection and handling rules aren't public AFAIK), CAs not being compromised, etc. Not to mention that the 
spammers can simply register another domain and buy a new cert -- but then the argument above still holds.

DKIM doesn't use purchased certificates.  It's all self-signed.

As for catching spammers, using d= as an identifier is more effective at finding the good stuff than the bad stuff.  So 
if this list were signed by nanog.org, we (or our reputation systems) could all recognize that mail signed d=nanog.org 
rarely resulted in user complaints, and thus it must be mail the users want to receive; conversely, mail which spoofs 
nanog.org but is not signed can safely* be stored in the big bit bucket in the cloud.

J.D. Falk
the leading purveyor of industry counter-rhetoric solutions

* assuming nanog.org signs ALL mail -- but that's another long discussion

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]