Simplenote scam email
But both DKIM and SPF are a pain to set up and/or plain wrong or fragile. It consists largely of SPF and DKIM (with some reporting added in). To start with, DMARC is barely worth focusing on. I had to implement DMARC for an organisation once, and I'm totally unsurprised nobody else is bothering to. But I wonder how many people have sent messages straight to spam folders once they enabled SPF for their domains. I am friendly enough to help them fix their systems. I can't even begin to count the number of cases where I was contacted because my servers rejected incoming e-mail, only to point out to the sender that they had configured their own SPF record to mark all of their own e-mail as spam. There is just too much risk that DMARC-enabled messages are treated as spam or, in the case of mailing lists, that they break everybody else's mail.
DKIM and SPF on the other hand are reasonably sane, assuming they are managed by an IT department that knows what they are doing. No competent IT person would ever deploy it for anything other than newsletters. It is utterly broken when being used to send person-to-person or person-to-group e-mails. That's not what SPF was designed for, and not surprisingly all hell breaks loose when somebody does this.
DMARC is (barely) usable for sending newsletters from the marketing department. DMARC completely ignores all of these technical considerations and erroneously uses SPF to verify the header-From. There are very good technical reasons why it protects envelope-From, but doesn't protect header-From. In particular, SPF protects the envelope-From information. SPF and DKIM are both reasonable solutions to fighting counterfeit e-mail. So what's the economic model for that solution approach? How attractive would your email system be if the spammers were afraid to send email there? Today you could conquer the spammers and tomorrow you could conquer the world (of email)!
My favored approach would be to work with the potential victims to give them the tools to help put the spammers out of business. Find out where they are getting their money and block it. If we actually want to seriously address the spam problem, then we need to go after the spammers' economic models. After some researchers proved the scam was as good as printing money, they changed the rules of the game ON THE ECONOMIC SIDE, and now you don't see that kind of spam anymore.
Proof of concept in the only major form of spam that has been cured: Pump-and-dump stock-scam spam. I'm convinced the real reason that spam will live forever is because spam is an economic problem and NO amount of technical finesse or finagling is going to "solve" it. Don't implement it and your company's emails are more likely to end up in our users' spam folder, simple as that.
And exactly what is the economic cost of that to the 80% who don't implement it? Not sure what the 80% is counting against, but it is clear that the 80% thinks it costs more to implement DMARC than to ignore it.