Re: [ietf-dkim] MLMs and signatures again

[Hector Santos]

BTW, these are our May Rejections stats:

    http://www.winserver.com/public/antispam/stats/stats-2011-May.wct
    http://www.winserver.com/public/spamstats.wct (since 2003)

The LMAP column is SPF and its been should a high +6% and I say high 
because only this year only has it been that high. Before that, it was 
in the 1-4% range.

So if most of the 6% SPF rejects are spoof attempts on our domains, 
then I have no reason to believe that DKIM plus our ADSP/ATPS/ASL 
policies would not yield the same result.


Hector Santos wrote:
> MH Michael Hammer (5304) wrote:
> 
>> The other piece of the equation is how often do I see abusive mail
>> purporting to be from this domain with no signature while mail from this
>> domain that is normally signed has no significant problems.
> 
> That's an exclusive reject opportunistic question.
> 
> In other words, if I turn off my SMTP level rejects for all of our 
> domain abuse, would DKIM take up that slack?
> 
> I'm going to do a quick scan just for today's log where we rejected 
> mail purported to be from our domains us, santronics.com, 
> winserver.com, isdg.net.  Remember, this is just today (May 26, 2011) 
> and so far its 8PM EST:
> 
> MAIL FROM: <sy...@santronics.com>
> MAIL FROM: <cs...@santronics.com>
> MAIL FROM: <barnardryc...@santronics.com>
> MAIL FROM: <samtron...@santronics.com>
> MAIL FROM: <ayalawe...@santronics.com>
> MAIL FROM: <andrea....@santronics.com>
> MAIL FROM: <mdnf_mvto_x_...@santronics.com>
> MAIL FROM: <kpbh_yrsz_w_...@santronics.com>
> MAIL FROM: <carvera...@santronics.com>
> MAIL FROM: <jsanch...@santronics.com>
> MAIL FROM: <cent.cor...@santronics.com>
> MAIL FROM: <carvera...@santronics.com>
> MAIL FROM: <cent.cor...@santronics.com>
> MAIL FROM: <an...@santronics.com>
> MAIL FROM: <elkinsnw...@santronics.com>
> MAIL FROM: <nounceme...@santronics.com>
> MAIL FROM: <nw...@santronics.com>
> MAIL FROM: <a...@santronics.com>
> MAIL FROM: <sa...@santronics.com>
> MAIL FROM: <huddlestonlu...@winserver.com>
> MAIL FROM: <don.dun...@winserver.com>
> MAIL FROM: <the.sha...@winserver.com>
> MAIL FROM: <daungar...@winserver.com>
> MAIL FROM: <tiff...@winserver.com>
> MAIL FROM: <dcb07...@winserver.com>
> MAIL FROM: <sotooadb...@winserver.com>
> MAIL FROM: <earl.bo...@winserver.com>
> MAIL FROM: <brent.can...@winserver.com>
> MAIL FROM: <curtis.star...@winserver.com>
> MAIL FROM:<the.sha...@winserver.com>
> MAIL FROM: <d.atk...@winserver.com>
> MAIL FROM: <jo...@winserver.com>
> MAIL FROM: <daniel.j...@winserver.com>
> MAIL FROM: <as...@winserver.com>
> MAIL FROM: <codeproj...@winserver.com>
> MAIL FROM: <erkan.sal...@winserver.com>
> MAIL FROM: <a...@winserver.com>
> MAIL FROM: <andrew.al...@winserver.com>
> MAIL FROM: <andy.how...@winserver.com>
> MAIL FROM: <andy.armstr...@winserver.com>
> MAIL FROM: <chris.shuema...@winserver.com>
> MAIL FROM: <cj.har...@winserver.com>
> MAIL FROM: <jehanzeb.akh...@winserver.com>
> MAIL FROM: <jeremiah.ragsd...@winserver.com>
> MAIL FROM: <jua...@winserver.com>
> MAIL FROM: <pnep...@winserver.com>
> MAIL FROM: <powersgilh...@winserver.com>
> MAIL FROM: <justin.b...@winserver.com>
> MAIL FROM: <che.bol...@winserver.com>
> MAIL FROM: <disobedie...@winserver.com>
> MAIL FROM: <pnep...@winserver.com>
> MAIL FROM: <powersgilh...@winserver.com>
> MAIL FROM: <prison...@winserver.com>
> MAIL FROM: <earl.bo...@winserver.com>
> MAIL FROM: <curtis.star...@winserver.com>
> MAIL FROM:<curtis.star...@winserver.com>
> MAIL FROM: <regina...@winserver.com>
> MAIL FROM: <eric.ander...@winserver.com>
> MAIL FROM: <floydjj...@winserver.com>
> MAIL FROM: <erkan.sal...@winserver.com>
> MAIL FROM: <evan...@winserver.com>
> MAIL FROM: <fi...@winserver.com>
> MAIL FROM: <gdx...@winserver.com>
> MAIL FROM: <4025237101.63576354344...@winserver.com>
> MAIL FROM: <floydjj...@winserver.com>
> MAIL FROM: <chris.shuema...@winserver.com>
> MAIL FROM: <nel...@isdg.net>
> MAIL FROM: <sbry...@isdg.net>
> MAIL FROM: <e...@isdg.net>
> 
> None of these are valid and they were all rejected via SPF and the 
> same for fake HELO/EHLO domains.
> 
> Now, since we now signing all these three domains, the question is, if 
> they were checked at the DATA level using my DKIM+ADSP/ATPS/ACL setup 
> reject them?
> 
> Yes, 100%, I don't know if they were faked signers or they used 3rd 
> party signers, or they were signed all, because they were accepted. 
> But a DKIM policy that I have would of 100% rejected them all.
> 
> This is partly the reason I didn't like Sender-ID because it was a 
> RFC5322 payload technology and SPF did the job at the SMTP level.  I 
> had shown that over 82-84% of the time and it would been a waste in 
> DATA overhead.
> 
> I also feel that is why DKIM is having a hard time - SPF did a lot of 
> damage to its purpose in life.
> 
> In any case, we are not doing any REJECT/PASS handling based on DKIM 
> yet, but I am going to try turning off SPF for my domains and see if I 
> get the expected 100% "would-be" rejects based on DKIM and my ADSP 
> policies.
> 

-- 
Hector Santos, CTO
http://www.santronics.com
http://santronics.blogspot.com



_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html