> DKIM doesn't validate the spaminess of the content. Why do you think it does?
>
> All it does is to authenticate the source of the message. This way, you know
> the spammer is who he claimed to be (or not). When properly set up, it will
> identify forged and tampered messages to you; that's all.

I see lots of email that is on blacklisted (spamhaus, spamcop, etc.) servers still passing DKIM tests.

My perspective on blacklists is the following. First off, I explicitly trust blacklists that I have tested over time. I initially test them by adding spamassassin rules to tag items that are on the blacklists with a low score. Then I can grep my maillog for items matching that rule. From there I can evaluate the subject lines by grepping my mdlog for the queue ID. If the blacklist rules hit emails with low collateral damage, I put the blacklist in a filter_begin that blocks mail before receiving.

I have been testing UCEPROTECT (1&2) on my servers today. For the past 5 hours I have detected 70 emails matching UCEPROT, and 24 of them have passed DKIM.

[root@filter1 ~]# cat /var/log/maillog |grep -c UCEPROT
69
[root@filter1 ~]# cat /var/log/maillog |grep UCEPROT |grep -c DKIM_VALID
24

Here are my current stats for anyone interested:

Virus        (message had a virus)                       .01%      11
Spamhaus     (Spamhaus blacklist)                      30.80%   38967
Spamcop      (Spamcop blacklist)                        1.37%    1733
SEM-Black    (spameatingmonkey blacklist)                .22%     282
Spamdrop     (scored over 8.0 so it was dropped)       19.87%   25144
Tagged Spam  (scored over 3.0 so it was tagged)        38.96%   19750
Mail_in      (not tagged)                              32.05%   40549

-Regards
Bill Curtis
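
Added example, not part of the original post: the two grep counts above, generalized to several tagging rules at once with the DKIM_VALID share per rule. It assumes one log line per scanned message that lists the SpamAssassin tests it matched; the log format, queue IDs and the rule names UCEPROT1, UCEPROT2 and SPAMCOP_TAG are constructed for illustration.

```shell
#!/bin/sh
# dnsbl_dkim_overlap LOGFILE RULE...
# Prints one line per tagging rule:
#   rule  messages_hit  hits_with_DKIM_VALID  share
# LOGFILE may be "-" to read standard input.
# Assumption: each scanned message produces a single log line naming the
# tests it matched, which is what the grep pipeline in the post relies on.
dnsbl_dkim_overlap() {
    log=$1; shift
    awk -v rules="$*" '
        BEGIN { n = split(rules, rule, " ") }
        {
            # Match the whole test name DKIM_VALID, not a longer name
            # that merely starts with it.
            dkim = ($0 ~ /(^|[^A-Z0-9_])DKIM_VALID([^A-Z0-9_]|$)/)
            for (i = 1; i <= n; i++)
                # Substring match, like grep UCEPROT: a line that lists
                # both UCEPROT1 and UCEPROT2 is counted once.
                if (index($0, rule[i])) {
                    hits[i]++
                    if (dkim) signed[i]++
                }
        }
        END {
            for (i = 1; i <= n; i++)
                printf "%s %d %d %.1f%%\n", rule[i], hits[i], signed[i],
                       (hits[i] ? 100 * signed[i] / hits[i] : 0)
        }' "$log"
}

# Constructed sample lines; the format and every value are made up.
sample_log() {
cat <<'EOF'
Jan 10 09:01:12 filter1 mimedefang.pl[2101]: q0A9aaa1: tests=DKIM_SIGNED,DKIM_VALID,UCEPROT1 score=1.2
Jan 10 09:03:40 filter1 mimedefang.pl[2101]: q0A9aaa2: tests=UCEPROT1,UCEPROT2 score=4.7
Jan 10 09:07:05 filter1 mimedefang.pl[2101]: q0A9aaa3: tests=DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,UCEPROT2 score=0.9
Jan 10 09:09:51 filter1 mimedefang.pl[2101]: q0A9aaa4: tests=DKIM_SIGNED,DKIM_INVALID,UCEPROT1 score=5.3
Jan 10 09:12:33 filter1 mimedefang.pl[2101]: q0A9aaa5: tests=SPAMCOP_TAG score=6.0
Jan 10 09:15:02 filter1 mimedefang.pl[2101]: q0A9aaa6: tests=DKIM_SIGNED,DKIM_VALID score=-0.1
EOF
}

# Stand-alone demonstration on the constructed sample.
sample_log | dnsbl_dkim_overlap - UCEPROT SPAMCOP_TAG
```

A high DKIM_VALID share among listed senders shows the two checks answer different questions: the signature confirms which domain signed the message, while the blacklist hit reflects the reputation of the relaying server.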

