At 15:50 26-06-2009, Nate wrote:
>Thanks for the response. Right now it seems signing an outgoing
>message from [email protected] being signed by example.net works and
>is treated successfully by most spam filters. I would imagine though
>as time goes on, spam filters are going to want to see messages
>signed by the actual domain rather than an alternate domain.

That depends on the type of processing done after the DKIM signature is verified.

>It may not have happened yet, but what would stop a spammer from
>publishing their own DKIM key on a domain they control, and signing
>all their forged messages with that key instead. Whenever that

They can already do that.

>happens, I imagine, will be the day that SA, Amavis, and others crack
>down on who signs the message.

It's poor form to have a filter pass a message only because it is DKIM signed. The filters will likely do a reputation check on the domain or correlate it with other information to determine whether the address in the headers can be "trusted".

One copy of this message will reach you with a DKIM signature. The other will not have any DKIM signature. Let's assume that it had a DKIM signature from lists.sourceforge.net and ignore that it is from a mailing list. Which one would appear more credible to you?

Regards,
-sm

------------------------------------------------------------------------------
_______________________________________________
dkim-milter-discuss mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/dkim-milter-discuss
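Added example, not part of the original message and not code from dkim-milter, SpamAssassin or Amavis: a sketch of the post-verification step discussed in the thread, where a filter takes the signing domain (the d= tag) of an already verified DKIM signature, compares it with the From: domain, and lets a reputation lookup decide the score. The reputation table, the score values, the sample messages and all function names are assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed reputation data (assumption); a real filter queries its own source.
REPUTATION = {"example.net": "good", "bulk.example": "bad"}

def signing_domains(msg):
    """Collect the d= tag of each DKIM-Signature header."""
    found = []
    for header in msg.get_all("DKIM-Signature", []):
        for tag in header.split(";"):
            name, sep, value = tag.partition("=")
            if sep and name.strip() == "d":
                found.append("".join(value.split()).lower())
    return found

def assess(raw):
    """Return (relationship, signer, reputation). Signatures are assumed to
    have been cryptographically verified upstream; this is policy only."""
    msg = message_from_string(raw)
    author = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    signers = signing_domains(msg)
    if not signers:
        return ("unsigned", None, "unknown")
    # Prefer a signature from the author's domain or a parent of it
    # (a simplification of domain alignment).
    for d in signers:
        if author == d or author.endswith("." + d):
            return ("author-domain", d, REPUTATION.get(d, "unknown"))
    d = signers[0]
    return ("third-party", d, REPUTATION.get(d, "unknown"))

def score(raw):
    """Positive is more spam-like. A valid signature alone earns nothing:
    it only names the domain whose reputation is then applied."""
    _, _, rep = assess(raw)
    return {"good": -1.0, "bad": 2.0}.get(rep, 0.0)

def sample(from_addr, d=None):
    # Constructed message; bh= and b= are placeholders, not real signatures.
    sig = (f"DKIM-Signature: v=1; a=rsa-sha256; d={d}; s=sel;\n"
           f"\th=from; bh=AAAA; b=BBBB\n") if d else ""
    return f"{sig}From: {from_addr}\nSubject: test\n\nbody\n"

if __name__ == "__main__":
    for m in (sample("user@example.org", "example.net"),
              sample("promo@bulk.example", "bulk.example"),
              sample("user@example.org")):
        print(assess(m), score(m))
```

The second sample is the case raised in the thread: a sender signing with a key on a domain it controls gets an "author-domain" match, and the score still goes up because the domain's reputation is bad.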
