Home page logo
/

nanog logo nanog mailing list archives

Re: gmail dropping mesages
From: Dave CROCKER <dhc2 () dcrocker net>
Date: Mon, 25 Apr 2011 10:21:02 -0700



On 4/22/2011 4:24 PM, Lynda wrote:
Nearly all of the spam I see is DKIM signed. It just makes messages bigger.
I'd just as soon our volunteers spend their times on other things, myself.


In the off-chance you are assuming that the presence of a DKIM signature is
supposed to mean something about the quality of a message, please note that it
isn't.  It is only meant to supply a reliable, valid identifier, with which
assessments can then be made.  That assessment step is where the fun happens.

See:

   <http://dkim.org/specs/draft-ietf-dkim-deployment-11.html>

For reference, spammers are typically early adopters of newly security
standardized mechanisms, in the (demonstrably valid) belief that some folk
confuse identification with quality assurance.

In particular, the DKIM d= identifier is primarily helpful for avoiding false
positives.  That is, it is for an assessment process targeting signers you
trust, rather more than for targeting those you don't. If you don't care about
the trust side of the filtering equation, I suspect DKIM will not be all that
helpful for you.

d/
--

  Dave Crocker
  Brandenburg InternetWorking
  bbiw.net


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]