Re: [exim] Understanding DKIM examples

Author: Yuri D'Elia
Date:  
To: exim-users
Subject: Re: [exim] Understanding DKIM examples
On 03/24/2013 01:33 PM, Lena@??? wrote:
>> I would really love to reject invalid DKIM signatures outright,
>
> What for - for spam filtering? Did you ever see a DKIM signature present
> in a spam (not through a legitimate mailing list) but broken?
> Spammers do make DKIM signatures, but for domains they control,
> correct signatures.


I do receive spam with forged DKIM signatures for known domains.
But I cannot reject them, because I also have broken signatures
originating from mailing lists for that same domain.

>> so here we only consider signatures for the envelope sender's domain (if
>> any). If there is one, and it's broken, we reject the message. If a DKIM
>> signature was just appended by a mailing list which rewrote the message
>> by properly using VERP, this should work. Or not?
>
> If a mailing list or a forwarder doesn't alter envelope-from but
> changes something then you'll reject legitimate mail. For example,
> if a forwarder wrongly suspected that the forwarded letter is spam
> and marked it in Subject.


This one I already accounted as a possibility.

> I think that this check can cause only harm without any benefit.


I'm trying hard to see any positive effect of DKIM right now.

I've been tagging emails for some time with different strategies, but I
cannot get any SNR out of it. Most of the time, the broken signatures I got
were from legitimate (but incorrectly configured) systems.

I'm wondering if any of you have any numbers on DKIM usefulness for
anything? I've been running some tests on a couple of low-volume
servers, and I really have no correlation of DKIM failures to anything
except bad configuration or transient errors.
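
Added example (not part of the original message and not Exim code): a Python sketch of the policy discussed in this thread, which considers only signatures whose `d=` matches the envelope sender's domain and rejects when one is broken. It checks only the DKIM body hash (`bh=`) under relaxed canonicalization, with no RSA verification; the addresses, bodies, selector and footer are constructed, and a body footer stands in for the forwarder's Subject tag.

```python
import base64, hashlib, re

def relaxed_body(body: bytes) -> bytes:
    # RFC 6376 "relaxed" body: collapse runs of whitespace, strip trailing
    # whitespace on each line, drop trailing empty lines.
    lines = [re.sub(rb"[ \t]+", b" ", l).rstrip(b" ") for l in body.split(b"\r\n")]
    while lines and lines[-1] == b"":
        lines.pop()
    return b"".join(l + b"\r\n" for l in lines)

def body_hash(body: bytes) -> str:
    return base64.b64encode(hashlib.sha256(relaxed_body(body)).digest()).decode()

def sig_tags(value: str) -> dict:
    # Split a DKIM-Signature header value into tag=value pairs.
    pairs = (p.split("=", 1) for p in value.split(";") if "=" in p)
    return {k.strip(): re.sub(r"\s+", "", v) for k, v in pairs}

def policy(envelope_from: str, dkim_headers: list, body: bytes) -> str:
    # Reject only if a signature for the envelope sender's domain is broken.
    domain = envelope_from.rsplit("@", 1)[-1].lower()
    for tags in map(sig_tags, dkim_headers):
        if tags.get("d", "").lower() == domain and tags.get("bh") != body_hash(body):
            return "reject"
    return "accept"

def make_sig(domain: str, body: bytes) -> str:
    # Constructed header; b= is a placeholder because no RSA check is done here.
    return f"v=1; a=rsa-sha256; c=relaxed/relaxed; d={domain}; s=sel; bh={body_hash(body)}; b=PLACEHOLDER"

# Constructed sample data.
ORIGINAL = b"Quarterly report attached.\r\n"
FOOTER = b"-- \r\nexample-list mailing list\r\n"
SIG = make_sig("example.org", ORIGINAL)

def run_cases() -> dict:
    listed = ORIGINAL + FOOTER
    return {
        "direct": policy("alice@example.org", [SIG], ORIGINAL),
        "rewrapped": policy("alice@example.org", [SIG], b"Quarterly  report attached. \r\n\r\n"),
        "verp_list": policy("list-bounces@lists.example.net",
                            [make_sig("lists.example.net", listed), SIG], listed),
        "forwarder": policy("alice@example.org", [SIG], listed),
        "forged": policy("alice@example.org", [SIG], b"Cheap pills here.\r\n"),
    }

if __name__ == "__main__":
    for name, verdict in run_cases().items():
        print(f"{name:10} {verdict}")
```

The `forwarder` and `forged` cases get the same verdict, which is the ambiguity the thread describes: a broken signature for the envelope domain does not tell a modified legitimate message from a forged one.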