BTW, these are our May Rejections stats:
http://www.winserver.com/public/antispam/stats/stats-2011-May.wct
http://www.winserver.com/public/spamstats.wct (since 2003)
The LMAP column is SPF and its been should a high +6% and I say high
because only this year only has it been that high. Before that, it was
in the 1-4% range.
So if most of the 6% SPF rejects are spoof attempts on our domains,
then I have no reason to believe that DKIM plus our ADSP/ATPS/ASL
policies would not yield the same result.
Hector Santos wrote:
> MH Michael Hammer (5304) wrote:
>
>> The other piece of the equation is how often do I see abusive mail
>> purporting to be from this domain with no signature while mail from this
>> domain that is normally signed has no significant problems.
>
> That's an exclusive reject opportunistic question.
>
> In other words, if I turn off my SMTP level rejects for all of our
> domain abuse, would DKIM take up that slack?
>
> I'm going to do a quick scan just for today's log where we rejected
> mail purported to be from our domains us, santronics.com,
> winserver.com, isdg.net. Remember, this is just today (May 26, 2011)
> and so far its 8PM EST:
>
> MAIL FROM: <sy...@santronics.com>
> MAIL FROM: <cs...@santronics.com>
> MAIL FROM: <barnardryc...@santronics.com>
> MAIL FROM: <samtron...@santronics.com>
> MAIL FROM: <ayalawe...@santronics.com>
> MAIL FROM: <andrea....@santronics.com>
> MAIL FROM: <mdnf_mvto_x_...@santronics.com>
> MAIL FROM: <kpbh_yrsz_w_...@santronics.com>
> MAIL FROM: <carvera...@santronics.com>
> MAIL FROM: <jsanch...@santronics.com>
> MAIL FROM: <cent.cor...@santronics.com>
> MAIL FROM: <carvera...@santronics.com>
> MAIL FROM: <cent.cor...@santronics.com>
> MAIL FROM: <an...@santronics.com>
> MAIL FROM: <elkinsnw...@santronics.com>
> MAIL FROM: <nounceme...@santronics.com>
> MAIL FROM: <nw...@santronics.com>
> MAIL FROM: <a...@santronics.com>
> MAIL FROM: <sa...@santronics.com>
> MAIL FROM: <huddlestonlu...@winserver.com>
> MAIL FROM: <don.dun...@winserver.com>
> MAIL FROM: <the.sha...@winserver.com>
> MAIL FROM: <daungar...@winserver.com>
> MAIL FROM: <tiff...@winserver.com>
> MAIL FROM: <dcb07...@winserver.com>
> MAIL FROM: <sotooadb...@winserver.com>
> MAIL FROM: <earl.bo...@winserver.com>
> MAIL FROM: <brent.can...@winserver.com>
> MAIL FROM: <curtis.star...@winserver.com>
> MAIL FROM:<the.sha...@winserver.com>
> MAIL FROM: <d.atk...@winserver.com>
> MAIL FROM: <jo...@winserver.com>
> MAIL FROM: <daniel.j...@winserver.com>
> MAIL FROM: <as...@winserver.com>
> MAIL FROM: <codeproj...@winserver.com>
> MAIL FROM: <erkan.sal...@winserver.com>
> MAIL FROM: <a...@winserver.com>
> MAIL FROM: <andrew.al...@winserver.com>
> MAIL FROM: <andy.how...@winserver.com>
> MAIL FROM: <andy.armstr...@winserver.com>
> MAIL FROM: <chris.shuema...@winserver.com>
> MAIL FROM: <cj.har...@winserver.com>
> MAIL FROM: <jehanzeb.akh...@winserver.com>
> MAIL FROM: <jeremiah.ragsd...@winserver.com>
> MAIL FROM: <jua...@winserver.com>
> MAIL FROM: <pnep...@winserver.com>
> MAIL FROM: <powersgilh...@winserver.com>
> MAIL FROM: <justin.b...@winserver.com>
> MAIL FROM: <che.bol...@winserver.com>
> MAIL FROM: <disobedie...@winserver.com>
> MAIL FROM: <pnep...@winserver.com>
> MAIL FROM: <powersgilh...@winserver.com>
> MAIL FROM: <prison...@winserver.com>
> MAIL FROM: <earl.bo...@winserver.com>
> MAIL FROM: <curtis.star...@winserver.com>
> MAIL FROM:<curtis.star...@winserver.com>
> MAIL FROM: <regina...@winserver.com>
> MAIL FROM: <eric.ander...@winserver.com>
> MAIL FROM: <floydjj...@winserver.com>
> MAIL FROM: <erkan.sal...@winserver.com>
> MAIL FROM: <evan...@winserver.com>
> MAIL FROM: <fi...@winserver.com>
> MAIL FROM: <gdx...@winserver.com>
> MAIL FROM: <4025237101.63576354344...@winserver.com>
> MAIL FROM: <floydjj...@winserver.com>
> MAIL FROM: <chris.shuema...@winserver.com>
> MAIL FROM: <nel...@isdg.net>
> MAIL FROM: <sbry...@isdg.net>
> MAIL FROM: <e...@isdg.net>
>
> None of these are valid and they were all rejected via SPF and the
> same for fake HELO/EHLO domains.
>
> Now, since we now signing all these three domains, the question is, if
> they were checked at the DATA level using my DKIM+ADSP/ATPS/ACL setup
> reject them?
>
> Yes, 100%, I don't know if they were faked signers or they used 3rd
> party signers, or they were signed all, because they were accepted.
> But a DKIM policy that I have would of 100% rejected them all.
>
> This is partly the reason I didn't like Sender-ID because it was a
> RFC5322 payload technology and SPF did the job at the SMTP level. I
> had shown that over 82-84% of the time and it would been a waste in
> DATA overhead.
>
> I also feel that is why DKIM is having a hard time - SPF did a lot of
> damage to its purpose in life.
>
> In any case, we are not doing any REJECT/PASS handling based on DKIM
> yet, but I am going to try turning off SPF for my domains and see if I
> get the expected 100% "would-be" rejects based on DKIM and my ADSP
> policies.
>
--
Hector Santos, CTO
http://www.santronics.com
http://santronics.blogspot.com
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
