Re: SPF/DKIM/DMARC et.al.: REALLY LONG [was: is it just me or...]

[Barry Shein via NANOG <nanog () lists nanog org>]

Who is having this spam problem are the people and companies expending
resources keeping that spam out of your inbox.

What's the current estimate? Around 90% of all email volume is spam.

You can say "well I don't see it so I don't care" but that's a little
like who needs the police I've never been mugged.

This is an operations and infrastructure list.

On July 6, 2025 at 15:08 nanog () lists nanog org (Michael Thomas via NANOG) wrote:
> On 7/6/25 2:05 PM, Barry Shein via NANOG wrote:
> > So all I'm saying is we have to start thinking more about disrupting
> > spammers' economics and less about designing sharper razor wire
> > fences.
> Really? Why? I rarely get spam (UCE) these days through my Google linked 
> accounts, and haven't for years. I assume most of the major mailbox 
> providers need to keep up with Google, so their customers probably 
> aren't getting a lot of spam either. For the mailbox providers, it's 
> just a cost of doing business, and reducing Google's cost of doing 
> business isn't very high up on my list of concerns.
>
> I suspect that the same is true of enterprise mailboxes as well since if 
> the anti-spam vendors couldn't keep up, it would give more incentive to 
> outsource their mail to somebody who could. And again, reducing their 
> cost of doing business isn't very high up on my list of concerns.
>
> So who exactly is having this spam problem these days? I suppose if 
> you're running sendmail and spamassassin it might be bad (I personally 
> gave up on that) but that's in the long tail of people being ornery 
> rugged email individualists. Again, not something very high up on my 
> list of concerns.
>
> Is there some other large set of mailboxes that I'm missing here? 
> Ideally mailboxes that I would care about their economics?
>
> That is distinctly different than phishing and its social engineering 
> aspect. Doubly so with spear-phishing which by its nature, the content 
> is likely to look like legitimate email. Phishing can be catastrophic 
> and will always be a concern. This is where the meta information of 
> authn, etc, become more important in the fight to combat it, but that's 
> different than UCE.
>
> Mike
>
> _______________________________________________
> NANOG mailing list 
> https://lists.nanog.org/archives/list/nanog () lists nanog org/message/EAHHNWMCOBBEHZEHKTHSJTUY7PHNOECB/

-- 
        -Barry Shein

Software Tool & Die    | bzs () TheWorld com             | http://www.TheWorld.com
Purveyors to the Trade | Voice: +1 617-STD-WRLD       | 800-THE-WRLD
The World: Since 1989  | A Public Information Utility | *oo*
_______________________________________________
NANOG mailing list 
https://lists.nanog.org/archives/list/nanog () lists nanog org/message/Z7ECAHQ2UCU4JFMIFKH6PGJ6BE7USEBR/