Re: [exim] Gmail's new 'suspicious sender' flag

Author: Ian Eiloart
Date:  
To: W B Hacker
CC: exim users
Subject: Re: [exim] Gmail's new 'suspicious sender' flag

On 6 Jul 2011, at 12:39, W B Hacker wrote:

>
> Perhaps a 'Senior Moment' here - but I *thought* DKIM was the fix to (some of) the SPF shortcomings, and had become the more widely adopted toolset?


No, it addresses a different issue, protecting rfc2822, not rfc2821. Actually, they work quite nicely together.

> Mind - not that I use either one (nor greylisting, nor SpamAssassin, nor ...
>
> YMMV, but if one is to use such things, I suspect DKIM is already the only one still well-supported.


They're about equally deployed by the senders that we see, with about 50% of non-spam messages from domains that publish SPF records, and about 50% are DKIM signed. Neither tells you that a message came from the purported sender. DKIM failure tells you nothing about the message (indeed mailing lists usually break DKIM signatures). SPF failures can occur with forwarding.

Since few message paths involve both forwarding AND a mailing list, the sensible thing to do is publish SPF records AND DKIM sign your messages. The recipient MTA should then see EITHER an SPF pass or a valid DKIM signature, or both. At that point, the MTA then has to consult some kind of reputation service for the SMTP sender domain, or the DKIM signer domain (depending on which passed).

> Bill


--
Ian Eiloart
Postmaster, University of Sussex
+44 (0) 1273 87-3148
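
The receive-side decision described in the message above, as an added example that is not part of the original post: it picks which domain(s) to hand to a reputation lookup depending on whether SPF, DKIM, or both passed. It assumes the results are read from an Authentication-Results header stamped by your own receiving MTA; the function name and the sample header values are constructed for illustration.

```python
import re

# Constructed Authentication-Results values (RFC 8601 syntax), one per delivery path.
SAMPLES = {
    "direct": "mx.example.net; spf=pass smtp.mailfrom=alice@sender.example; "
              "dkim=pass header.d=sender.example",
    "forwarded": "mx.example.net; spf=fail smtp.mailfrom=alice@sender.example; "
                 "dkim=pass header.d=sender.example",
    "mailing_list": "mx.example.net; spf=pass smtp.mailfrom=list-bounces@lists.example; "
                    "dkim=fail header.d=sender.example",
    "neither": "mx.example.net; spf=softfail smtp.mailfrom=bob@other.example; dkim=none",
}

_RESULT = re.compile(r"^(spf|dkim)\s*=\s*(\w+)", re.I)
_PROP = re.compile(r"\b(smtp\.mailfrom|header\.d)\s*=\s*(\S+)", re.I)


def reputation_domains(auth_results):
    """Return (method, domain) pairs that authenticated and so merit a reputation lookup.

    Only a pass yields a domain. Following the message above, a failed DKIM
    signature is treated like no signature at all (mailing lists break them),
    and an SPF failure on its own is not a verdict (forwarding causes it).
    """
    found = []
    for clause in auth_results.split(";")[1:]:   # clause 0 is the authserv-id
        clause = clause.strip()
        m = _RESULT.match(clause)
        if not m or m.group(2).lower() != "pass":
            continue
        method = m.group(1).lower()
        # SPF authenticates the SMTP sender domain, DKIM the signer domain (d=).
        wanted = "smtp.mailfrom" if method == "spf" else "header.d"
        for key, value in _PROP.findall(clause):
            if key.lower() == wanted:
                domain = value.rsplit("@", 1)[-1].lower().rstrip(".")
                found.append((method, domain))
    return found


if __name__ == "__main__":
    for path, header in SAMPLES.items():
        print(path, "->", reputation_domains(header) or "nothing authenticated")
```

An empty result means no identity was authenticated, so there is no domain whose reputation can be consulted; it is not by itself evidence that the message is forged.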