nanog mailing list archives
Re: Incoming SMTP in the year 2017 and absence of DKIM
From: Blake Hudson <blake () ispn net>
Date: Wed, 29 Nov 2017 14:35:12 -0600
Eric Kuhnke wrote on 11/29/2017 11:03 AM:
For those who operate public facing SMTPd that receive a large volume of incoming traffic, and accordingly, a lot of spam... How much weight do you put on an incoming message, in terms of adding additional score towards a possible value of spam, for total absence of DKIM signature?
Spammers can: A) Establish domains that use SPF and DKIM as well as anyone elseB) Use the stolen credentials of legitimate accounts on legitimate servers to relay SPAM messages.
So the presence of SPF/DKIM does not reliably indicate whether the message is spam or not - only that the sender is "authenticated". The lack of optional tech like SPF and DKIM might be used as a heuristic, but it's not reliable enough to use in practice in my opinion. I wouldn't quarantine or reject messages that are missing these optional technology because the take rate isn't high enough.
Where DKIM/SPF really help is when there's a failure that indicates a message has been spoofed. This is a good indication of phishing and is a justified reason to reject or quarantine a message in the interest of your employees or subscribers. Sometimes these will be config errors, but I feel confident telling the sender to take config issues up with their service provider.
Current thread:
- Incoming SMTP in the year 2017 and absence of DKIM Eric Kuhnke (Dec 01)
- Re: Incoming SMTP in the year 2017 and absence of DKIM Blake Hudson (Dec 01)
- Re: Incoming SMTP in the year 2017 and absence of DKIM Grant Taylor via NANOG (Dec 01)
- Re: Incoming SMTP in the year 2017 and absence of DKIM William Herrin (Dec 01)
- Re: Incoming SMTP in the year 2017 and absence of DKIM Stephen Frost (Dec 01)
- Re: Incoming SMTP in the year 2017 and absence of DKIM William Herrin (Dec 01)
- Re: Incoming SMTP in the year 2017 and absence of DKIM Ken O'Driscoll (Dec 01)
- Re: Incoming SMTP in the year 2017 and absence of DKIM Michael Thomas (Dec 01)
- Re: Incoming SMTP in the year 2017 and absence of DKIM valdis . kletnieks (Dec 01)
- Re: Incoming SMTP in the year 2017 and absence of DKIM Grant Taylor via NANOG (Dec 01)
- Re: Incoming SMTP in the year 2017 and absence of DKIM John Levine (Dec 01)
- Re: Incoming SMTP in the year 2017 and absence of DKIM Grant Taylor via NANOG (Dec 01)
- Re: Incoming SMTP in the year 2017 and absence of DKIM Stephen Frost (Dec 01)
- Re: Incoming SMTP in the year 2017 and absence of DKIM Blake Hudson (Dec 01)