Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

...and everything you mention doesn't help shit for mitigation of spam because all spamming domains have SPF entries meanwhile, too. Which, by definition of its concept, can also be a lie that no receiving server cares about.

SPF, DKIM, DMARC are even more useless than the dbl protocol of spamhaus.

Also: this DMARC action is used for tracking whether or not an email was received, without the client of the receiving address needing to do any action.

So yep, it's also a privacy invasion.



>...and everything you mention doesn't help shit for mitigation of spam because all spamming domains have SPF entries meanwhile, too.

It does help stop false attribution of spam mail, though; spammer@example.net can't pretend to be sending mail from example.org.

It does lose its effectiveness when huge mail domains (e.g. GMail) can pump out so much spam, though, or when domains share email hosts (and therefore different tenants will be sending from the same IP addresses - another reason why IPv4 exhaustion is bad, isolation would work better with IPv6).


> Also: this DMARC action is used for tracking whether or not an email was received, without the client of the receiving address needing to do any action. > > So yep, it's also a privacy invasion.

Isn't it just the receiving mail SERVER acknowledging receiving the message? That says nothing about mailbox access or reading. I would not consider it a privacy invasion.

Most modern communication apps have a similar process of separating "sent", "received" and "displayed to user" which is super useful. Apart from the last part I would not consider them a privacy violation and you can usually turn that off. Similarly, if I download my mail to a local client, the server never knows if or when I read it and definitely not the sender.

But maybe I am missing your point, could you elaborate if that is the case?




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: