[Mailman-Developers] dkim-signature headers

Michael Thomas mat at cisco.com
Wed Feb 7 16:44:48 CET 2007


Bob Puff wrote:
> I confess not having read up on Domain Keys.. I did get into SPF a little, but
> understand its flaws as well.
>
> If a bad DK isn't bad, then how is this supposed to help spam?  I mean, if the
> mere presence of some signature in the headers will increase the likelihood of
> an email being delivered (or at least help it NOT be tagged as spam), surely
> the spammers will pick up on this, and the whole benefit lost.
>   
DKIM isn't about "solving" spam per se. It's about accountability. If
you know about a source, you can treat it differently. DKIM allows you
to know the source. That goes for both good and bad sources of mail.

> Example:
>
> Spammer takes a legit message from a DK sender, replaces it with his spam, and
> blasts it out with the original DK headers.  The message has obviously been
> altered, and contains spam.  Would it not be right to reject this message,
> since it fails the DK check?
>   
It's no more right to reject based on a signature failure than any other
single test; how strong a weighting you give a signature failure depends
on a myriad of things -- if you want to prevent false positives. In fact,
I'd say that one of the things DKIM provides is a better way to prevent false
positives rather than detecting spam per se. If you know and trust
a source, mail talking about v**gr* is more likely to be legit. Mail without
signatures or with broken signatures is just put through the normal unknown
source spam filter, so it's just neutral rather than spammy.

       Mike
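
The weighting described in the reply above, as an added example that is not part of the original message or of Mailman's code: a verified signature shifts a content filter's score by the signer's reputation, while a missing or broken signature leaves the score unchanged. The `Authentication-Results` header as the place the verifier records its result, the authserv-id, the reputation table, the domains and the score values are all assumptions constructed for illustration.

```python
import re
from email import message_from_string

# Assumptions (hypothetical): our own verifier's authserv-id and a local
# reputation table mapping signing domains to score adjustments.
TRUSTED_AUTHSERV = "mx.lists.example"
REPUTATION = {"known-good.example": -3.0, "known-bad.example": +4.0}

DKIM_RE = re.compile(r"\bdkim=(\w+)\b[^;]*?\bheader\.d=([\w.-]+)", re.I)

def dkim_verdicts(msg):
    """(result, signing domain) pairs recorded by our own verifier only."""
    verdicts = []
    for value in msg.get_all("Authentication-Results", []):
        authserv, _, rest = value.partition(";")
        # Ignore headers a sender could have injected under another id.
        if authserv.strip().lower() != TRUSTED_AUTHSERV:
            continue
        verdicts += [(r.lower(), d.lower()) for r, d in DKIM_RE.findall(rest)]
    return verdicts

def adjust_score(content_score, msg):
    """Shift the content filter's score by the reputation of verified signers.

    Missing or broken signatures add nothing: the message is scored as
    mail from an unknown source, not penalised.
    """
    shift = sum(REPUTATION.get(domain, 0.0)
                for result, domain in dkim_verdicts(msg) if result == "pass")
    return content_score + shift

def sample(*auth_results):
    """Build a constructed message carrying the given header values."""
    headers = "".join(f"Authentication-Results: {v}\n" for v in auth_results)
    return message_from_string(headers + "Subject: constructed\n\nbody\n")

SAMPLES = {
    "trusted signer": sample("mx.lists.example; dkim=pass header.d=known-good.example"),
    "altered body": sample("mx.lists.example; dkim=fail header.d=known-good.example"),
    "unsigned": sample(),
    "known-bad signer": sample("mx.lists.example; dkim=pass header.d=known-bad.example"),
    "forged header": sample("other.example; dkim=pass header.d=known-good.example"),
}

if __name__ == "__main__":
    for name, msg in SAMPLES.items():
        print(f"{name:18} {adjust_score(5.0, msg):.1f}")
```

The altered-body and unsigned samples end up with the same score, which is the "neutral rather than spammy" outcome; only a passing signature from a domain with a known reputation moves the result in either direction.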


