[139949] in North American Network Operators' Group

home help back first fref pref prev next nref lref last post

Re: gmail dropping mesages

daemon@ATHENA.MIT.EDU (Jeff Mitchell)
Mon Apr 25 13:12:14 2011

Date: Mon, 25 Apr 2011 13:12:08 -0400
From: Jeff Mitchell <jmitchell@ll.mit.edu>
To: Lynda <shrdlu@deaddrop.org>
In-Reply-To: <4DB20E2C.1040903@deaddrop.org>
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

On 04/22/2011 07:24 PM, Lynda wrote:
>>> Non existent, it's SPF only.
>>
>> My point.
>
> Nearly all of the spam I see is DKIM signed. It just makes messages
> bigger. I'd just as soon our volunteers spend their times on other
> things, myself.

DKIM isn't designed explicitly to stop spam, it's designed to identify 
senders.

If you trust the issued certificates(!) being used to sign the mail, you 
at least have a good indication that the spam is coming from the domain 
that it says it's coming from. This can make spam blocking much more 
effective because instead of simply hoping that a domain-based blocklist 
will block spam and not ham (due to spoofed sender addresses), you have 
a pretty good feeling that this will be the case.

Of course this relies on various other bits and pieces to fall into 
place, such as properly handling such messages (Gmail's detection and 
handling rules aren't public AFAIK), CAs not being compromised, etc. Not 
to mention that the spammers can simply register another domain and buy 
a new cert -- but then the argument above still holds.

--Jeff


home help back first fref pref prev next nref lref last post