Thanks for the reply, it is however somewhat off the mark. These messages don't come from authenticated sources or even trusted sources - they are simply remote mail servers that have a valid DKIM record thus causing them to score below the threshold.
To me, it looks like a smart spammer/botnet that is using throwaway domains with DKIM records set up. The problem is that anyone can set up DKIM, though up until now spammers haven't bothered going to the extra effort of doing so. If spammers are now deploying DKIM for their messages then DKIM can no longer be relied on as an indicator of spam/ham. This is why I asked if anyone else was seeing the same increase in DKIM signed spam.

All the best,
Colin Waring.

-----Original Message-----
From: Grayhat [mailto:gray...@gmx.net]
Sent: 14 March 2014 14:18
To: assp-test@lists.sourceforge.net
Subject: Re: [Assp-test] DKIM spam

:: On Fri, 14 Mar 2014 13:51:37 -0000
:: <sig.91501147d0.000001cf3f8c$85a7ed20$90f7c760$@lanternhosting.co.uk>
:: "Colin Waring" <co...@lanternhosting.co.uk> wrote:

> I was wondering if anyone else was seeing an increase in spam messages
> that come with a valid DKIM signature? It has gotten to the point
> where I have had to set DoDKIM to disabled because so much rubbish is
> coming through and I can't think of many circumstances where DKIM is
> actually used extensively.

I don't think it's a DKIM issue (or an SPF one or whatever); see, the number of bots trying to bruteforce credentials (either over SMTP or POP3/IMAP) has risen dramatically (and I'm not counting the malware which steals them from victims' machines) and once those credentials are upped to some botnet controller, the bots will just start pumping a lot of junk through a server using the stolen credentials and DKIM or SPF won't be able to do much; bottom line, ensure to check for bounces and keep an eye on your servers; as for bounces; if someone here is running on win and using the IIS SMTP as the outbound mail router, it may (will!) be a good idea to configure it to also send a copy of NDR emails to some mailbox you manage (say ndr...@example.com) so that you'll be able to see the bounces and take action (ok, this is a raw and straight approach but as a first step it's better than nothing)

_______________________________________________
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test
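
The point raised in this thread, that a valid DKIM signature only proves control of the signing domain, shown as an added example (not part of the original messages and not ASSP code): DKIM earns ham credit only when the passing signer is aligned with the From domain and is on a local trust list. The `TRUSTED_SIGNERS` set, the `mx.example.net` authserv-id, the score value and the sample messages are all assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: a locally maintained list of signer domains you already trust.
TRUSTED_SIGNERS = {"example.org"}

# Constructed sample messages (not real traffic).
KNOWN_SENDER = (
    "Authentication-Results: mx.example.net; dkim=pass header.d=example.org\n"
    "From: Alice <alice@example.org>\n"
    "Subject: invoice\n\nbody\n"
)
THROWAWAY = (
    "Authentication-Results: mx.example.net; dkim=pass header.d=cheap-offers.example\n"
    "From: Deals <promo@cheap-offers.example>\n"
    "Subject: offer\n\nbody\n"
)
UNSIGNED = "From: Bob <bob@example.org>\nSubject: hi\n\nbody\n"

DKIM_PASS = re.compile(r"\bdkim=pass\b[^;]*?\bheader\.d=([A-Za-z0-9.-]+)", re.I)


def passing_signers(raw, authserv_id="mx.example.net"):
    """Signer domains with dkim=pass, read only from headers our own MX added."""
    msg = message_from_string(raw)
    domains = set()
    for value in msg.get_all("Authentication-Results", []):
        # Ignore results stamped by other hosts; a sender can forge those.
        if value.split(";", 1)[0].strip().lower() != authserv_id:
            continue
        domains.update(d.lower().rstrip(".") for d in DKIM_PASS.findall(value))
    return domains


def dkim_score(raw, bonus=-10):
    """Return a score adjustment: negative is ham credit, 0 is neutral."""
    msg = message_from_string(raw)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    for signer in passing_signers(raw):
        aligned = from_domain == signer or from_domain.endswith("." + signer)
        if aligned and signer in TRUSTED_SIGNERS:
            return bonus  # valid signature from a domain with known reputation
    return 0  # valid-but-unknown signer proves domain control, nothing more
```

With this weighting a throwaway domain that signs correctly gets no score advantage over unsigned mail, so the rest of the filter chain still decides.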