MH Michael Hammer (5304) wrote: > The other piece of the equation is how often do I see abusive mail > purporting to be from this domain with no signature while mail from this > domain that is normally signed has no significant problems.
That's an exclusive reject opportunistic question. In other words, if I turn off my SMTP level rejects for all of our domain abuse, would DKIM take up that slack? I'm going to do a quick scan just for today's log where we rejected mail purported to be from our domains us, santronics.com, winserver.com, isdg.net. Remember, this is just today (May 26, 2011) and so far its 8PM EST: MAIL FROM: <[email protected]> MAIL FROM: <[email protected]> MAIL FROM: <[email protected]> MAIL FROM: <[email protected]> MAIL FROM: <[email protected]> MAIL FROM: <[email protected]> MAIL FROM: <[email protected]> MAIL FROM: <[email protected]> MAIL FROM: <[email protected]> MAIL FROM: <[email protected]> MAIL FROM: <[email protected]> MAIL FROM: <[email protected]> MAIL FROM: <[email protected]> MAIL FROM: <[email protected]> MAIL FROM: <[email protected]> MAIL FROM: <[email protected]> MAIL FROM: <[email protected]> MAIL FROM: <[email protected]> MAIL FROM: <[email protected]> MAIL FROM: <[email protected]> MAIL FROM: <[email protected]> MAIL FROM: <[email protected]> MAIL FROM: <[email protected]> MAIL FROM: <[email protected]> MAIL FROM: <[email protected]> MAIL FROM: <[email protected]> MAIL FROM: <[email protected]> MAIL FROM: <[email protected]> MAIL FROM: <[email protected]> MAIL FROM:<[email protected]> MAIL FROM: <[email protected]> MAIL FROM: <[email protected]> MAIL FROM: <[email protected]> MAIL FROM: <[email protected]> MAIL FROM: <[email protected]> MAIL FROM: <[email protected]> MAIL FROM: <[email protected]> MAIL FROM: <[email protected]> MAIL FROM: <[email protected]> MAIL FROM: <[email protected]> MAIL FROM: <[email protected]> MAIL FROM: <[email protected]> MAIL FROM: <[email protected]> MAIL FROM: <[email protected]> MAIL FROM: <[email protected]> MAIL FROM: <[email protected]> MAIL FROM: <[email protected]> MAIL FROM: <[email protected]> MAIL FROM: <[email protected]> MAIL FROM: <[email protected]> MAIL FROM: <[email protected]> MAIL FROM: <[email protected]> MAIL FROM: <[email protected]> MAIL FROM: <[email protected]> MAIL FROM: <[email protected]> MAIL FROM:<[email protected]> MAIL FROM: <[email protected]> MAIL FROM: <[email protected]> MAIL FROM: <[email protected]> MAIL FROM: <[email protected]> MAIL FROM: <[email protected]> MAIL FROM: <[email protected]> MAIL FROM: <[email protected]> MAIL FROM: <[email protected]> MAIL FROM: <[email protected]> MAIL FROM: <[email protected]> MAIL FROM: <[email protected]> MAIL FROM: <[email protected]> MAIL FROM: <[email protected]> None of these are valid and they were all rejected via SPF and the same for fake HELO/EHLO domains. Now, since we now signing all these three domains, the question is, if they were checked at the DATA level using my DKIM+ADSP/ATPS/ACL setup reject them? Yes, 100%, I don't know if they were faked signers or they used 3rd party signers, or they were signed all, because they were accepted. But a DKIM policy that I have would of 100% rejected them all. This is partly the reason I didn't like Sender-ID because it was a RFC5322 payload technology and SPF did the job at the SMTP level. I had shown that over 82-84% of the time and it would been a waste in DATA overhead. I also feel that is why DKIM is having a hard time - SPF did a lot of damage to its purpose in life. In any case, we are not doing any REJECT/PASS handling based on DKIM yet, but I am going to try turning off SPF for my domains and see if I get the expected 100% "would-be" rejects based on DKIM and my ADSP policies. -- Hector Santos, CTO http://www.santronics.com http://santronics.blogspot.com _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
