> > Yes. It's also pointless imho to use DomainKeys and DKIM both, DKIM is
> > preferred afaik.
>
> Well, I have them both too for when other people use one or the other;
> currently I'm not using either on outbound.

It is pointless to use DomainKeys SA plugin when a DKIM plugin is in use.
The DKIM plugin checks both the DKIM as well as DomainKeys signatures.
Just make sure to use a fairly recent version of Mail::DKIM module,
the 0.32 is ok.

> > I strongly advise you to remove that customisation and let other rules do
> > their job. Otherwise you'll get flooded by spammers who DKIM-sign their
> > spam.

Agreed. Many spammers use short-lived domains and sign their spam with DKIM.
I suspect that more will do so in the future. It is essential that domain
reputation in one way or another enters the SpamAssassin score, either in
a form of hand-crafted rules for popular domains like gmail.com or yahoo.com
or paypal.com, or with some automation, like the optional
signing-domain-based AWL in current SA 3.3 (cvs), or by the use of
emerging reputation services.

Collecting average score from AWL database on DKIM- (or DK)-signed mail only
for the last month or two, I see 925 different domains signing their mail.
Of these domains about half of them have an average spam score below 5.

But, one third of signing domains achieve an average score above 15.3 !!!
Among these there are some high-rate spam-spewing domains like
FreeLotto.com, webglobaldomain.com, thedailyinfo.info, yahoo.cn, yahoo.in.

It clearly indicates that a mere presence of a valid DKIM/DK signature
is a weak indication of spam or ham, but combined with a domain name
it can contribute valuable score points.

For example, average spam score of mail with a From address
in gmail.com shows:
  average score = -2.8 for mail with valid gmail.com DKIM signature;
  average score = 10.8 for mail without a valid signature
and similarly for yahoo.com:
  average score = -0.7 for mail with valid yahoo.com DK signature;
  average score = 29.5 for mail without a valid signature

In the SA cvs tree under rulesrc/sandbox/mmartinec/ I keep
three .cf files that I'm using, which assign a couple of score
points for mail claiming to be from gmail, yahoo, ebay and paypal,
but is not. On the other hand, DKIM-based whitelist protects
valid mail from trustworthy domains:
  25_dkim.cf, 25_yg.cf, 60_whitelist_dkim.cf


Mark
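
The per-signing-domain averaging described in the message above, as an added example that is not part of the original post or of SpamAssassin. The table layout (email, signedby, count, totscore) is an assumed shape for a signing-domain-aware AWL store, and the rows are constructed so that the gmail.com and yahoo.com averages match the figures quoted in the message.

```python
import sqlite3

# Constructed sample rows (email, signedby, count, totscore); the column layout
# is an assumption for this example, and "" means no valid signature was seen.
ROWS = [
    ("alice@gmail.com", "gmail.com", 40, -112.0),
    ("bob@gmail.com", "", 10, 108.0),
    ("carol@yahoo.com", "yahoo.com", 10, -7.0),
    ("dave@yahoo.com", "", 4, 118.0),
    ("promo@bulk.example", "bulk.example", 50, 900.0),
    ("news@shop.example", "shop.example", 20, 30.0),
]

def load(rows):
    """Build an in-memory table holding the constructed AWL-style rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE awl (email TEXT, signedby TEXT, "
               "count INTEGER, totscore REAL)")
    db.executemany("INSERT INTO awl VALUES (?, ?, ?, ?)", rows)
    return db

def avg_by_signer(db):
    """Message-weighted average score per signing domain (signed mail only)."""
    q = ("SELECT signedby, SUM(totscore) / SUM(count) FROM awl "
         "WHERE signedby <> '' GROUP BY signedby")
    return {dom: round(avg, 2) for dom, avg in db.execute(q)}

def signed_vs_unsigned(db, from_domain):
    """Average score for one From domain, split by whether it signed the mail."""
    q = ("SELECT signedby = ?, SUM(totscore) / SUM(count) FROM awl "
         "WHERE lower(substr(email, instr(email, '@') + 1)) = ? GROUP BY 1")
    out = {"signed": None, "unsigned": None}
    for is_signed, avg in db.execute(q, (from_domain, from_domain)):
        out["signed" if is_signed else "unsigned"] = round(avg, 2)
    return out

def signers_above(db, threshold):
    """Signing domains whose average score exceeds the given threshold."""
    return sorted(d for d, a in avg_by_signer(db).items() if a > threshold)

if __name__ == "__main__":
    db = load(ROWS)
    print(avg_by_signer(db))
    print(signed_vs_unsigned(db, "gmail.com"))
    print(signers_above(db, 15.3))
```
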

