nanog mailing list archives
Re: Incoming SMTP in the year 2017 and absence of DKIM
From: Michael Thomas <mike () mtcc com>
Date: Wed, 29 Nov 2017 10:33:00 -0800
A broken DKIM signature is indistinguishable from a lack of a signature header. It's possible that as a heuristic you might be able to divine something from lack of signature and the existence of selectors for a domain, but afaik there isn't an easy way to query for all of the dkim selectors for a domain, and even if there were it would
be a pretty sketchy heuristic, is my bet. Mike On 11/29/2017 10:18 AM, Eric Kuhnke wrote:
Anecdotal experience. I'm subscribed to a lot of mailing lists. Some pass through DKIM correctly. Others re-sign the message with DKIM from their own server.98% of the spam that gets through my filters, which comes from an IP notin any of the major RBLs, has no DKIM signature for the domain. My theory is that it does introduce somewhat of a barrier to spam senders because they are frequently not in control of the mail server (which may be some ignorant third party's open relay), nor do they have access to the zonefile for the domain the mail server belongs to for the purpose of adding any sort of DKIM record. On Wed, Nov 29, 2017 at 10:12 AM, Michael Thomas <mike () mtcc com> wrote:On 11/29/2017 10:03 AM, valdis.kletnieks () vt edu wrote:On Wed, 29 Nov 2017 09:32:27 -0800, Michael Thomas said: There are quite a few things you can do to get the mailing listtraversal rate > 90%, iirc.Only 90% should be considered horribly broken. Anything that makes it difficult to run a simple mailing list with less that at least 2 or 3 9's is unacceptable.I've been saying for years that it should be possible to create the concept of DKIM-friendly mailing lists. In such a case, you could have your nines. Until then, the best you can hope for is the list re-signing the mail and blaming the list owner instead. Mike
Current thread:
- Re: lists and DMARC and ARC, was Incoming SMTP in the year 2017 and absence of DKIM, (continued)
- Re: lists and DMARC and ARC, was Incoming SMTP in the year 2017 and absence of DKIM John Levine (Dec 01)
- Re: lists and DMARC and ARC, was Incoming SMTP in the year 2017 and absence of DKIM Michael Thomas (Dec 01)
- Re: lists and DMARC and ARC, was Incoming SMTP in the year 2017 and absence of DKIM valdis . kletnieks (Dec 01)
- Re: lists and DMARC and ARC, was Incoming SMTP in the year 2017 and absence of DKIM Michael Thomas (Dec 01)
- Re: lists and DMARC and ARC, was Incoming SMTP in the year 2017 and absence of DKIM Grant Taylor via NANOG (Dec 01)
- Re: lists and DMARC and ARC, was Incoming SMTP in the year 2017 and absence of DKIM Michael Thomas (Dec 01)
- Re: lists and DMARC and ARC, was Incoming SMTP in the year 2017 and absence of DKIM Grant Taylor via NANOG (Dec 01)
- Re: lists and DMARC and ARC, was Incoming SMTP in the year 2017 and absence of DKIM Michael Thomas (Dec 01)
- Re: Incoming SMTP in the year 2017 and absence of DKIM Eric Kuhnke (Dec 01)
- RE: Incoming SMTP in the year 2017 and absence of DKIM Keith Medcalf (Dec 01)
- Re: Incoming SMTP in the year 2017 and absence of DKIM Michael Thomas (Dec 01)
- Re: Incoming SMTP in the year 2017 and absence of DKIM Grant Taylor via NANOG (Dec 01)
- Re: Incoming SMTP in the year 2017 and absence of DKIM Michael Thomas (Dec 01)
- Re: Incoming SMTP in the year 2017 and absence of DKIM Grant Taylor via NANOG (Dec 01)
- Re: Incoming SMTP in the year 2017 and absence of DKIM Chuck Anderson (Dec 01)
- Re: Incoming SMTP in the year 2017 and absence of DKIM John Levine (Dec 01)
- Re: Incoming SMTP in the year 2017 and absence of DKIM Grant Taylor via NANOG (Dec 01)
- Re: Incoming SMTP in the year 2017 and absence of DKIM Grant Taylor via NANOG (Dec 01)
- Re: Incoming SMTP in the year 2017 and absence of DKIM John Levine (Dec 01)