Gmail's receiving mostly authenticated email
Tom Ritter
tom at ritter.vg
Sun Dec 15 11:23:09 PST 2013
I saw that article too, and thought it was interesting, but I noticed
something odd in their statistics:
"""
91.4% of ***NON-SPAM*** emails sent to Gmail users come from
authenticated senders, which helps Gmail filter billions of
impersonating email messages a year from entering our users’ inboxes.
More specifically, the 91.4% of the authenticated ***NON-SPAM***
emails sent to Gmail users come from senders that have adopted one or
more of the following email authentication standards: DKIM (DomainKey
Identified Email) or SPF (Sender Policy Framework).
""" (emphasis mine)
http://googleonlinesecurity.blogspot.com/2013/12/internet-wide-efforts-to-fight-email.html
So first Google runs their pretty-good-but-not-perfect spam filtering,
then they look at what they're categorized as non-spam to generate
those statistics. The ham (not spam) emails that are miscategorized
are much more likely to be omitting SPF/DKIM, so there's a bit of
selection bias occurring.
Also, for what it's worth, SPF isn't related to crypto at all, and is
ridiculously easy to set up for 'normal' domain admins. (That is,
domain admins with a couple well-known SMTP servers, and not some
crazy distributed architecture.) There's a great calculator online
for it here: https://www.microsoft.com/mscorp/safety/content/technologies/senderid/wizard/default.aspx
There's some tricky questions people may not know the answer to, but
omitting answers will only create a more _permissive_ policy, rather
than run the risk of borking your email.
-tom
More information about the cypherpunks
mailing list