On Wed, 27 Mar 2013 12:22:37 -0500 Ben Kamen <bka...@benjammin.net> wrote:
> Now that we've see/talked some stats on SPF... I'd be interested to > know what anyone might have to offer on DKIM usefulness. DKIM is useful for letting you know that a message has been relayed through a responsible organization's server. I don't think it's very useful as a spam/ham indicator. Plenty of validly-signed mail is spam (think Yahoo!) and some ham ends up with broken DKIM signatures (think broken boilerplate-appending software.) The up-and-coming thing is DMARC, which will probably enjoy good press the way SPF and DKIM did for a few years until it too is found to be not very useful. :) DMARC is intended to close two loopholes: It lets domain owners *specify* what you should do on SPF fail or DKIM fail, and it gives domain owners feedback about failed SPF/DKIM so a domain owner can know that he/she's the victim of spoofing. DMARC falls flat because it does not in any way protect what the user sees as the "From" field in a mail reader, so phishers can happily spoof mail and still be DMARC-compliant. http://www.dmarc.org/ Regards, David. _______________________________________________ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
