LuKreme a écrit : > On 8-Dec-2008, at 00:44, mouss wrote: >>> DKIM is not a blacklister, but a whitelist based on if sender really >>> use monster.com mta mail server or not :) >>> >> indeed. > > > Checking my SPAM folder it seems that a LOT of spam gets DKIM_VERIFIED > > I have tons that look, essentially, like this: > > DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; > s=main; d=etacbase07.com; > > b=eVw4gychbdyZ01HyEGfBa7zjoxxjaaqVy+vHu9UeYI7+aKC971+ySnccA4klNvcBOIkAbiSgWl4YWXCn5SrkEg==; > > > h=Received:Message-ID:Date:From:To:Subject:List-Unsubscribe:Mime-Version:Content-Type; > > Received: by 69.30.205.166 with SMTP id 4gki5ruu8m4116d > for <*munged*>; Tue, 09 Dec 2008 13:11:33 -0600 > Message-ID: <[EMAIL PROTECTED]> > Date: Tue, 09 Dec 2008 13:11:34 -0600 > From: "Goya Foods" <[EMAIL PROTECTED]> > To: "Subscriber" <*munged*> > > So it looks like the only usefulness of DKIM for spam checking is really > for the big mailers like gmail, paypal, ebay, etc? This message failed > the SA check with a score over 11, so I'm not complaining. >
If someone says: I'm Joe. then I don't care if he lies or not, unless "being Joe" means something to me. so if I get mail from [EMAIL PROTECTED], dkim and dk signed, spf pass, great helo, nice looking IP, ... etc. I don't care of all this stuff. I check the content. If someone say: I'm your mother. then I'll ask to see his hand (sorry, I don't know the name of the story in english. if you can read french, check http://satamania-bar.bbflash.net/conte-et-raconte-f5/le-loup-la-chevre-et-les-7-biquets-t908.htm ) so yes, dkim is a whitelist mechanism that allows you to whitelist known "names" when they sign their mail with a verifiable signature. it doesn't mean you can trust any dkim-signed mail (because anybody can sign his mail) nor that non signed mail is bad (even yahoo sends unsigned mail) nor that a bad signature is bad (I've seen broken sigs from yahoo). > I have a dkim.cf that is pretty basic, I guess, but I've recently > tweaked the settings a bit: > > score DKIM_VERIFIED -1.3 > score DKIM_SIGNED 1 > score USER_IN_DKIM_WHITELIST -10.0 > score USER_IN_DEF_DKIM_WL -3.3 > score ENV_AND_HDR_DKIM_MATCH -0.7 > score L_NOTVALID_GMAIL 3.0 > score L_NOTVALID_PAY 10 > > I'm still testing these settings. >
