I don't give much value to a DKIM pass, but I do score on a DKIM fail.  
DKIM still has its place as a way to identify fraudulent use of a 
domain.  There isn't much that can be done about hacked domains.... :(

Peter Hinman
International Bridge / ParcelPool.com

On 3/14/2014 8:49 AM, Colin Waring wrote:
> Thanks for the reply, it is however somewhat off the mark.
>
> These messages don't come from authenticated sources or even trusted sources
> - they are simply remote mail servers that have a valid DKIM record thus
> causing them to score below the threshold.
>
> To me, it looks like a smart spammer/botnet that is using throwaway domains
> with DKIM records set up. The problem is that anyone can set up DKIM, though
> up until now spammers haven't bothered going to the extra effort of doing
> so. If spammers are now deploying DKIM for their messages then DKIM can no
> longer be relied on as an indicator of spam/ham.
>
> This is why I asked if anyone else was seeing the same increase in DKIM
> signed spam.
>
> All the best,
> Colin Waring.
>
> -----Original Message-----
> From: Grayhat [mailto:gray...@gmx.net]
> Sent: 14 March 2014 14:18
> To: assp-test@lists.sourceforge.net
> Subject: Re: [Assp-test] DKIM spam
>
> :: On Fri, 14 Mar 2014 13:51:37 -0000
> :: <sig.91501147d0.000001cf3f8c$85a7ed20$90f7c760$@lanternhosting.co.uk>
> :: "Colin Waring" <co...@lanternhosting.co.uk> wrote:
>
>> I was wondering if anyone else was seeing an increase in spam messages
>> that come with a valid DKIM signature? It has gotten to the point
>> where I have had to set DoDKIM to disabled because so much rubbish is
>> coming through and I can't think of many circumstances where DKIM is
>> actually used extensively.
> I don't think it's a DKIM issue (or an SPF one or whatever); see, the number
> of bots trying to bruteforce credentials (either over SMTP or
> POP3/IMAP) has dramatically risen (and I'm not counting the malware which
> steals them from victims' machines) and once those credentials are upped to
> some botnet controller, the bots will just start pumping a lot of junk
> through a server using the stolen credentials and DKIM or SPF won't be able
> to do much; bottom line, ensure to check for bounces and keep an eye on your
> servers; as for bounces; if someone here is running on win and using the IIS
> SMTP as the outbound mail router, it may (will !) be a good idea to
> configure it to also send a copy of NDR emails to some mailbox you manage
> (say ndr...@example.com) so that you'll be able to see the bounces and take
> action (ok, this is a raw and straight approach but as a first step it's
> better than nothing)
>
>
>
> ----------------------------------------------------------------------------
> --
> Learn Graph Databases - Download FREE O'Reilly Book "Graph Databases" is the
> definitive new guide to graph databases and their applications. Written by
> three acclaimed leaders in the field, this first edition is now available.
> Download your free book today!
> http://p.sf.net/sfu/13534_NeoTech
> _______________________________________________
> Assp-test mailing list
> Assp-test@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/assp-test

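The asymmetric policy discussed in this thread (no credit for a DKIM pass from an unknown domain, a penalty for a fail) can be sketched as follows. This is an added example, not ASSP code or anything posted by the participants; the weights, the `TRUSTED_SIGNERS` allow-list, the function names and the sample headers are all assumptions, and it reads the verifier's `Authentication-Results` header rather than checking signatures itself.

```python
import re

# Assumed weights for illustration only; these are not ASSP settings.
FAIL_PENALTY = 25                   # added to the spam score on a DKIM fail
TRUSTED_BONUS = -10                 # only for signers the operator already trusts
TRUSTED_SIGNERS = {"example.org"}   # hypothetical local allow-list

# Constructed sample Authentication-Results values (not taken from the thread).
SAMPLES = {
    "throwaway": "mx.example.net; dkim=pass header.d=bulk-offers.example;"
                 " spf=pass smtp.mailfrom=bulk-offers.example",
    "forged": "mx.example.net; dkim=fail (body hash did not verify)"
              " header.d=example.org",
    "trusted": "mx.example.net;\r\n\tdkim=pass header.d=example.org header.s=s1",
    "unsigned": "mx.example.net; dkim=none; spf=softfail smtp.mailfrom=example.com",
}

def dkim_results(auth_results):
    """Return [(result, signing_domain)] for each dkim= entry in the header."""
    value = re.sub(r"\r?\n[ \t]+", " ", auth_results)   # unfold continuation lines
    value = re.sub(r"\([^()]*\)", " ", value)            # drop (comments)
    found = []
    for part in value.split(";")[1:]:                    # part 0 is the authserv-id
        m = re.match(r"\s*dkim\s*=\s*([a-z]+)", part, re.I)
        if not m:
            continue                                     # spf=, dmarc=, etc.
        d = re.search(r"\bheader\.d\s*=\s*([A-Za-z0-9.-]+)", part, re.I)
        domain = d.group(1).lower().rstrip(".") if d else None
        found.append((m.group(1).lower(), domain))
    return found

def dkim_score(auth_results):
    """A pass proves only that the signing domain sent it, so it earns nothing
    unless that domain is locally trusted; a fail with no passing signature
    is penalised (assumption: one valid signature outweighs a broken one)."""
    results = dkim_results(auth_results)
    passed = [d for r, d in results if r == "pass"]
    if passed:
        return TRUSTED_BONUS if any(d in TRUSTED_SIGNERS for d in passed) else 0
    if any(r == "fail" for r, _ in results):
        return FAIL_PENALTY
    return 0   # unsigned or indeterminate: DKIM says nothing either way

if __name__ == "__main__":
    for name, header in SAMPLES.items():
        print(f"{name:10s} {dkim_score(header):+d}")
```

With this policy a throwaway domain that signs its own mail gains nothing from the signature, so the remaining content and reputation checks decide its score.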