On Mon, Oct 27, 2025 at 05:13:54PM +0300, monodev wrote: > On 10/27/25 8:38 AM, tomas@tuxteam.de wrote: > > This is a Good Thing, actually. you can participate in a mailing list without > > having your identity linked to your real life persona. In repressive regimes > > (and every one can become one, eventually) this can be a life saver. > > These are unrelated. SPF/DKIM breaking when a mailing list delivers mail to > you does not help your anonymity, as the mailing list presumably does some > checks when you send it mail. If it doesn't it's a free for all and anyone > can pretend to be anyone else on the list. You talked about identity. SPF/DKIM is not about identity. > A court can check whether this is the case or not, but spam filters can't, > so delivery rate suffers for no benefit. Getting spam under control with SPF/DKIM is (and always has been) a fool's errand. The result is that a sizeable part of the spam I get these days has correct SPF/DKIM, washed through some throwaway account from a Big Provider. I'm enough of a cynic to think that, for some, this was the plan all along: "don't spam us, we spam you". > > That said, if you actually want others to be able to check your identity, > > you can gpg sign your mails (as I do). But it's *you* who picks that > > identity. > This practice being standardized as a general and automated mail > authentication protocol would not be much different than DKIM except being > per-address instead of per-domain. There's one big difference: with mail signature/encryption, it's mainly the mail body you are protecting (against tampering/eavesdropping). With DKIM it's a set of headers plus some portion of the body. Plus: mail sig/encription is *under the user's control*, DKIM is under the user's provider's control. Guess which one I prefer. > DKIM alone is currently not considered enough by most (if not all) big > mail services. Many (e.g. Microsoft) do what they want, anyway. They /are/ the rule. Back to feudalism. Cheers -- t
Attachment:
signature.asc
Description: PGP signature