John Levine wrote: > An acquaintance at a largish government agency which is sometimes a > phish target is trying to persuade the local powers that be that it > would be a good idea to DKIM sign their outgoing mail. > > Since no government agency wants to be the first to do anything, do we > know of other agencies that sign or verify with DKIM?
Made a quick search through about 1000 distinct non-spam signing domains that sent us more than 5 messages during the last two months, and I could only recognize two: d=govtlab.gov.hk, http://www.govtlab.gov.hk/english/home.htm d=serpro.gov.br, http://www.serpro.gov.br/instituicao/quem > For that matter, are there any reasonably good lists of significant > signers or verifiers? I have a list of about 40 DKIM (or DK) signing domains of universities, faculties and some academic/research institutes which I use for mild whitelisting (just in case) based on their valid signature. Perhaps the list could be used in courtesy listings at dwl.spamhaus.org, or maybe some less black & white form of a reputation DNS list could be introduced at spamhaus.org. > I know about Google, Yahoo, and Paypal, but I > was hoping for a longer list. I can send you a top-100 (or more) list of signing domains, based on the number of messages we receive, if you are interested. Mark _______________________________________________ dkim-ops mailing list [email protected] http://mipassoc.org/mailman/listinfo/dkim-ops
