Re: [exim] DKIM

W B Hacker wrote:

>> The fault is with the rfc. Tis to vague on various points. Such as third party senders.
>> To my mind DKIM will go the same way as SPF. There needs to be a better policy introduced for controlling spam.
>> The death penalty comes to mind;-)
>>
>> David
>
> + rDNS fail (hard score)
>
> + dynamic-IP RBL hit (hard score)
>
> + HELO not matching to FQDN of connected IP (softer score)
>
> + 15s delay (zombots are impatient)
>
> + Local & remote BL of hte hard-core
>
> - a relatively modest White List ..
>
> *IS* near-as-dammit a 'death penalty' for spam.
>
> How does an infected WinBox get itself past those?
>
> Cheap, cheerful, no need for greylisting, light ClamAV, SA and similar
> resource loads.
>
> Enough of us do the basics, there is no need for SPF or DKIM, and sloppy
> DNS's entries of legit MTA's will get cleaned up 'Real Soon Now'.
>
> But it will *never* happen so long as we take the obsolete 'be generous
> with what you accept' road.
>
> Zombots rely on that ...
>
> Starve 'em!

Many of your solutions work for you purely because few other people use
them. The bulk of spam is easy to block. It's the less obvious stuff
that people spend 99% of their effort trying to come up with solutions
to block.

I still don't get this argument:

"Here's a mechanism to allow you to sign emails that come from your
domain so other systems can detect spoof attempts automatically"

"But spam exists. And that mechanism doesn't stop spam. Therefore it has
no use."

Mike