|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: usage of domain keys
From: Harvey Smith (harvey
buskers.org)
Date: Tue Jun 06 2006 - 20:28:00 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On Tue, Jun 06, 2006 at 08:06:05PM -0400, Wietse Venema wrote:
> Harvey Smith:
> > On Tue, Jun 06, 2006 at 05:46:53PM -0400, Victor Duchovni wrote:
> > > On Tue, Jun 06, 2006 at 11:36:27PM +0200, Robert Schetterer wrote:
> > >
> > > > how is your experience about domain keys, can anybody tell a little bit
> > > > how much spam would it stop ....
> > >
> > > None. Domain Keys authenticates message origin. It at this time a
> > > whitelisting technology to help prevent FPs for sources you trust.
> >
> > I don't even see how it could be used for this. If I 'trust' a source
> > as to not be forging the envelope From then I can simply ban the email
> > address if they're sending spam or whitelist it if not. I get a fair
> > amount of 419 style spam from yahoo servers which I don't accept
> > becuase its not whitelisted and I can't see how DK would help me in
> > this whitelisting. Since I trust the source I can whitelist the address.
>
> If someone knows that you trust domain example.com, anyone could
> send mail with an example.com sender address and exploit your trust.
In my case not anyone, it has to come from a source (ie client host) I
trust. I guess the servers I run just aren't big enough to see an
issue, but I seem to get zero emails from sources I trust forging
email addresses where DK is being used. I do get forgeries of course,
usually phishing scams. Perhaps if DK becomes more widely deployed it
will be more useful. What is very useful to me right now is using
postfix's smtpd_restriction_classes to divide the inbound client hosts
up to determine how much I trust them. Eg. if you want to claim your
[SomeBigBank] you'll need to be in the appropriate
smtpd_restriction_class.
>
> With DK or other forms of in-message authentication, the recipient
> can distinguish between mail that actually comes from example.com,
> and mail that only pretends to be from example.com.
I can see where this would be useful in the future maybe, DK seems
like a beter system than SPF which i dislike.
--
Harvey
>
> Wietse
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]