Home page logo

nanog logo nanog mailing list archives

Re: gmail dropping mesages
From: Jeff Mitchell <jmitchell () ll mit edu>
Date: Wed, 27 Apr 2011 13:37:11 -0400

On 04/26/2011 09:16 PM, Michael Thomas wrote:
On 04/26/2011 05:08 PM, J.D. Falk wrote:
On Apr 25, 2011, at 10:12 AM, Jeff Mitchell wrote:

If you trust the issued certificates(!) being used to sign the mail, you at least have a good indication that the spam is 
coming from the domain that it says it's coming from. This can make spam blocking much more effective because instead 
of simply hoping that a domain-based blocklist will block spam and not ham (due to spoofed sender addresses), you have a 
pretty good feeling that this will be the case.

Of course this relies on various other bits and pieces to fall into place, such as properly handling such messages (Gmail's 
detection and handling rules aren't public AFAIK), CAs not being compromised, etc. Not to mention that the spammers can 
simply register another domain and buy a new cert -- but then the argument above still holds.

DKIM doesn't use purchased certificates.  It's all self-signed.

Well, they aren't self-signed either; DKIM doesn't use x.509
style certs at all. It's just RSAPublicKey DER-encoded public
keys that are placed in the DNS.

Sorry, yes. I've had GPG and X509 on the brain lately. Thanks for the correction, Mike and J.D.


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]