[139950] in North American Network Operators' Group
Re: gmail dropping mesages
daemon@ATHENA.MIT.EDU (Dave CROCKER)
Mon Apr 25 13:21:31 2011
Date: Mon, 25 Apr 2011 10:21:02 -0700
From: Dave CROCKER <dhc2@dcrocker.net>
To: Lynda <shrdlu@deaddrop.org>
In-Reply-To: <4DB20E2C.1040903@deaddrop.org>
Cc: nanog@nanog.org
Reply-To: dcrocker@bbiw.net
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On 4/22/2011 4:24 PM, Lynda wrote:
> Nearly all of the spam I see is DKIM signed. It just makes messages bigger.
> I'd just as soon our volunteers spend their times on other things, myself.
In the off-chance you are assuming that the presence of a DKIM signature is
supposed to mean something about the quality of a message, please note that it
isn't. It is only meant to supply a reliable, valid identifier, with which
assessments can then be made. That assessment step is where the fun happens.
See:
<http://dkim.org/specs/draft-ietf-dkim-deployment-11.html>
For reference, spammers are typically early adopters of newly security
standardized mechanisms, in the (demonstrably valid) belief that some folk
confuse identification with quality assurance.
In particular, the DKIM d= identifier is primarily helpful for avoiding false
positives. That is, it is for an assessment process targeting signers you
trust, rather more than for targeting those you don't. If you don't care about
the trust side of the filtering equation, I suspect DKIM will not be all that
helpful for you.
d/
--
Dave Crocker
Brandenburg InternetWorking
bbiw.net
