Author: Ian Eiloart Date: To: W B Hacker CC: exim users Subject: Re: [exim] Gmail's new 'suspicious sender' flag
On 6 Jul 2011, at 12:39, W B Hacker wrote:
>
> Perhaps a 'Senior Moment' here - but I *thought* DKIM was the fix to (some of) the SPF shortcomings, and had become the more widely adopted toolset?
No, it addresses a different issue, protecting rfc2822, not rfc2821. Actually, they work quite nicely together.
> Mind - not that I use either one (nor greylisting, nor SpamAssassin, nor ...
>
> YMMV, but if one is to use such things, I suspect DKIM is already the only one still well-supported.
They're about equally deployed by the senders that we see, with about 50% of non-spam messages from domains that publish SPF records, and about 50% are DKIM signed. Neither tells you that a message came from the purported sender. DKIM failure tells you nothing about the message (indeed mailing lists usually break DKIM signatures. SPF failures can occur with forwarding.
Since few message paths involve both forwarding AND a mailing list, the sensible thing to do is publish SPF records AND DKIM sign your messages. The recipient MTA should then see EITHER an SPF pass or a valid DKIM signature, or both. At that point, the MTA then has to consult some kind of reputation service for the SMTP sender domain, or the DKIM signer domain (depending on which passed).
> Bill
--
Ian Eiloart
Postmaster, University of Sussex
+44 (0) 1273 87-3148