[messaging] Hashing entries in a transparency log

elijah elijah at riseup.net
Thu Sep 4 10:04:18 PDT 2014


On 09/04/2014 08:57 AM, Daniel Thomas wrote:

>> Sending *domain* not user. No spam filter I'm aware of tries to calculate
>> inbound reputations on a per user basis.
> 
> True. This is probably due to a number of factors (including not enough
> per user data) but perhaps it would become possible if the sending user
> could be authenticated to the recipient spam filter? DKIM and SPF only
> really authenticate the sending domain as some domains allow users to
> send email as if from other users at the same domain (they shouldn't but
> it used to be possible here).

With DKIM, the provider can pick which headers it will sign (on an email
by email basis). It is common for the "From" header to be signed when
the provider requires authenticated SMTP and for the "From" header to
match the authenticated user.

But, yes, in general, email is a system of delegated reputation. My
reputation as someone who wants to send email is entirely dependent on
the reputation of my provider, who must aggressively police its users if
it wants to keep that reputation.

-elijah




More information about the Messaging mailing list