On 29/03/07, John W. Baxter <jwblist3@???> wrote: > On 3/29/07 9:51 AM, "Marc Perkel" <marc@???> wrote:
>
> > Are domain keys something useful? I saw some messages about Exim and
> > domain keys and just wondering if I'm missing out on something.
>
> Well, lots of spam comes to us with domain keys (or DKIM, perhaps). Except
> for "trusted domains" the headers are almost a red flag, and if I had a more
> complete set of trusted domains, I might well add spam points for having
> domain keys.
>
> Remember, the spammers will destroy any good idea.
To expand on your point - Domainkeys and DKIM, along with SPF, allow
you to confirm with a degree of cerrtainty that the purported sender
of the mail did indeed send it. The fact that a message has a
signature that validates (DK/DKIM) or an SPF PASS shouldn't in itself
tell you that it's a message you want to accept. Combined with a
whitelist and a blacklist of trusted and unwanted senders
respectively, it starts to get useful. For example, assuming you want
to receive email from paypal.com, you can use DK to sift the real
paypal.com email from the phishing attempts with 100% accuracy. (OK,
someone will demonstrate a corner case which makes it less than
100%.....)
> Remember, the spammers will destroy any good idea.
bignastyspammer.com confirming their identity with DK/DKIM or SPF may
be a neutral thing (if you know nothing already about
bignastyspammer.com), or a good thing (you already know
bignastyspammer.com are spammers and you can reject with certainty).
And if neutral, your content scanner or your users can help train your
blacklist. Either way, it's definitely not a bad thing.
