Emails are sent from one mail server (an MTA) to another. The receiving MTA chooses whether or not to accept each email, hence deliverability issues. Most antispam filters are based on the idea that a given mail server has a specific probability of sending spam. For instance, a mail server sending Viagra spam either has a security breach (enabling spammers to use it) or is a spam server. In both cases, the receiving MTA should reject emails coming from this server. (As we all know, this approach has its limitations, but that is not the point of this post.) Therefore each IP address sending mail is scored with respect to its history.
But using an IP address as the unit (the grain) for scoring introduces some important problems. For instance,
- IP addresses are usually not "owned" by email senders (whether ESPs or corporate customers), hence they are unreliable over time.
- IP addresses change over time: new servers are added, some are deprovisioned.
- No authentication is "embedded" in the score.
- A lot of email senders send their emails from many different IP addresses.
This has practical consequences. For instance,
- It is easy to bypass the reputation system to send phishing emails.
- Enabling or deprovisioning a mail server is complicated.
- Shared mail servers are not handled at all in this system: what can you infer from a shared email server with different sending patterns?
- An ESP using three different IP addresses can have some emails accepted while others are rejected.
A system that abstracts away IP addresses and binds each sent email to that abstraction would solve these issues. The good news is that it is already here: it is the Domain Name System, or DNS.
Currently SMTP (the email protocol) provides no way to bind an email to a domain name (for instance, you can send email from Gmail servers with any domain you want). This is why some new protocols have been issued. The main ones are SPF, Sender ID, DomainKeys and DKIM.
Each has its own specificities, but they all share a common trait: they bind a sent email to a DNS entry. Because of this binding, antispam filters can now score domain names instead of IP addresses (reflecting, for instance, a specific sender).
SPF and Sender ID use IP addresses, while DomainKeys (DK) and DKIM use a public/private key system.
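To make the IP-to-domain binding concrete, here is an added example (not code from this post or from any filter) that evaluates only the `ip4`, `ip6` and `all` mechanisms of an SPF record and then keys reputation on the domain when the sending IP is authorized. The record, the domain, the IP addresses and the `reputation_key` and `tally` helpers are constructed for illustration; a real check fetches the TXT record from DNS and handles the remaining mechanisms.

```python
import ipaddress
from collections import Counter

# Constructed sample: an ESP sending for example.com from several IPs.
SPF_RECORDS = {
    "example.com": "v=spf1 ip4:192.0.2.0/30 ip4:198.51.100.7 ip6:2001:db8::/48 -all",
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def check_spf(domain, client_ip, records=SPF_RECORDS):
    """Evaluate ip4/ip6/all mechanisms left to right; first match wins."""
    terms = records.get(domain, "").split()
    if not terms or terms[0] != "v=spf1":
        return "none"  # the domain publishes no SPF policy
    ip = ipaddress.ip_address(client_ip)
    for term in terms[1:]:
        qualifier = term[0] if term[0] in QUALIFIERS else "+"
        name, _, value = term.lstrip("+-~?").partition(":")
        if name == "all":
            return QUALIFIERS[qualifier]
        if name not in ("ip4", "ip6"):
            # include, a, mx, redirect... need DNS lookups; out of scope here
            raise ValueError(f"mechanism not handled in this sketch: {term}")
        net = ipaddress.ip_network(value, strict=False)
        if ip.version == net.version and ip in net:
            return QUALIFIERS[qualifier]
    return "neutral"  # no mechanism matched

def reputation_key(mail_from_domain, client_ip):
    """Score the domain only when the IP is authorized; otherwise the IP."""
    if check_spf(mail_from_domain, client_ip) == "pass":
        return ("domain", mail_from_domain)
    return ("ip", client_ip)

def tally(events):
    """Count messages per reputation key for (domain, client_ip) pairs."""
    return Counter(reputation_key(domain, ip) for domain, ip in events)

if __name__ == "__main__":
    events = [  # constructed (envelope-sender domain, connecting IP) pairs
        ("example.com", "192.0.2.1"),
        ("example.com", "198.51.100.7"),
        ("example.com", "2001:db8::25"),
        ("example.com", "203.0.113.9"),  # not listed in the record
    ]
    for key, count in tally(events).items():
        print(key, count)
```

The three authorized addresses collapse into a single `("domain", "example.com")` entry, while the unlisted address claiming the same domain stays keyed on its own IP and cannot borrow the domain's history.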
It seems that antispam filters will not stop using IP addresses, but the importance of the domain name will grow. In a later post, I will examine what this means for ESPs and their customers.



