From: Bill Cole (postfixlists-070913billmail.scconsult.com)
Date: Sun Sep 16 2007 - 09:59:10 CDT

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

At 1:57 PM +0000 9/16/07, Mark Krenz wrote:
>On Sun, Sep 16, 2007 at 10:59:44AM GMT, Jan P. Kessler
>[postfixjpkessler.info] said the following:
>> Byung-Hee HWANG schrieb:
>> > Hi there,
>> >
>> > Does Postfix support Yahoo's DomainKeys?
>> > IMHO, I think DomainKeys is the best way to prevent spam.
>>
>> No, DomainKeys is a technique to prevent sender-forging. It does not
>> help to prevent SPAM as spammers may issue DomainKeys, too.
>>
>
> I think you're being a bit harsh. There is a great deal of spam out
>there that uses sender-forging. So it would help prevent some spam.
>Its not a 100% solution, but nothing is.

Right, but spammers have adopted DK and DKIM faster than the general
population.

On the systems I work with, signed mail is more likely to be spam
than non-spam and a large fraction of the signed mail from putatively
legitimate domains (e.g. Yahoo) is also spam. Detecting a valid
signature alone isn't just "not a 100% solution" it is not an aid of
any sort in detecting spam or detecting non-spam. Detecting an
invalid signature is a signal indicating spam, but it is not perfect
and is extremely rare, to the point of being essentially useless.

That leaves DK and DKIM in the same class as SPF: useful primarily as
a way to whitelist specific known-good senders with forgery
resistance. It's relatively expensive as an alternative to SPF, but
as long as the 800-pound lobotomized gorillas of the mail world
refuse to interoperate with just one such method, working with both
makes some sense.

--
Bill Cole
billscconsult.com

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]