On Mon, Jul 08, 2019 at 06:54:51PM -0600, Keith Medcalf wrote:
This is because DKIM was a solution to a problem that did not exist.
This is correct. We have always known the IP address of the connecting MTA, therefore we have always known the network it resides in, therefore we have always known who is responsible for what transits that connection. Worse, this (poorly) attempts to wallpaper over the problems of compromised systems/accounts. Do recall that not long ago we learned that EVERY Yahoo account was compromised. Anyone who thinks that Microsoft or Google or Comcast or anyone else are doing any better is naive: it's not a question of whether they've also suffered mass compromises, only a question of how many and when they'll publicly admit it. This isn't surprising. The real underlying problems here are tough and expensive, thus it's far easire to do (nearly) meaningless feel-good work, declare the problems solved, and engage in a round of self-congratulation. It *appears*, and that's a preliminary assessment on my part, that SHAKEN/STIR is following this same track. ---rsk