On 5/10/19 1:16 PM, Kurt Fitzner wrote:
> On 2019-05-10 12:42, Matus UHLAR - fantomas wrote:
> 
>> I wanted to comment OP's mail, but since I don't have DKIM set up, I wasn't
>> sure it would pass  :-)
> 
> I actually didn't have DKIM signing set up myself until a couple weeks 
> ago.  I had been lazy in setting it for a while, but I had to because 
> the first time I would email anyone on gmail it was going directly to 
> their spam folder.  Hotmail too, to a lesser extent.  But Google is 
> really aggressive with unsigned mail, and they have a strong "it's our 
> way or the highway" policy.
> 
> On 10.05.19 14:48, David Jones wrote:
> 
>>> I caution against this since non-DKIM signed email has no relation to
>>> spam or ham.  How did you come up with the "about 90%" number?  Did you
>>> grep logs to get real numbers over a couple of months?
> 
> I should clarify.  I do get DKIM-signed spam.  I just don't get any 
> non-DKIM-signed ham.  Going back and looking at my archived mail and 
> logs I can see that a) all legitimate emails were DKIM-signed, and b) 
> virtually every message that was not DKIM-signed was spam.  So I intend 
> to assign no ham scoring weight to a message having a DKIM signature, 
> but I do feel pretty safe in assigning a heavy penalty to those mails 
> without it.
> 

Is this for a single mailbox?  If that is the case, then it's fine to 
make a decision like that for a single mailbox.  For those of us running 
mail filtering platforms for customers, this would be a very bad rule.

I filter for about 60,000 to 80,000 mailboxes (can't tell for sure with 
Exchange accepting everything and bouncing later) and use DKIM_VALID_AU 
heavily with thousands of subdomain entries like:

whitelist_auth *@*.joann.com
whitelist_auth *@*.potterybarn.com
whitelist_auth *@*.aa.com
whitelist_auth *@*.saks.com
whitelist_auth *@*.dominos.com
whitelist_auth *@*.fandango.com

I know for sure that these emails are:

1. System generated and not from user accounts that can be compromised
2. Generated by a mail server under the control of, or authorized by, their 
respective domain owners.

I have an automated system that finds these candidates every week and 
adds them automatically to my SA config file.  This is a whole category 
of email that I don't have to worry about false positives, allowing me to 
increase the sensitivity of scores and meta rules to help block 
compromised accounts and zero-hour spam.

My SA servers see millions of emails each week and they handle a lot of 
non-DKIM signed ham.

-- 
David Jones
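
The "real numbers" question raised in this thread can be checked mechanically before a penalty on unsigned mail goes live. The following is an added example, not part of the original message or of anyone's production tooling; it assumes each message's `X-Spam-Status` header has been unfolded onto one line, and the sample lines are constructed.

```python
import re
from collections import Counter

# Constructed sample headers (not real mail), one X-Spam-Status line per message.
SAMPLE = """\
X-Spam-Status: No, score=-2.1 required=5.0 tests=DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,SPF_PASS autolearn=ham
X-Spam-Status: No, score=0.3 required=5.0 tests=SPF_PASS,HTML_MESSAGE autolearn=no
X-Spam-Status: Yes, score=9.4 required=5.0 tests=BAYES_99,DKIM_SIGNED,DKIM_VALID,URIBL_BLACK autolearn=spam
X-Spam-Status: Yes, score=7.8 required=5.0 tests=BAYES_99,RDNS_NONE autolearn=spam
X-Spam-Status: No, score=-0.1 required=5.0 tests=DKIM_SIGNED,DKIM_INVALID autolearn=no
X-Spam-Status: No, score=1.0 required=5.0 tests=BAYES_50 autolearn=no
"""

# Captures the Yes/No verdict and the comma-separated list of rules that hit.
STATUS_RE = re.compile(r"^X-Spam-Status:\s*(Yes|No),.*?\btests=(\S*)", re.I)


def dkim_state(tests):
    """Collapse the DKIM rule hits into one state, strongest first."""
    if "DKIM_VALID_AU" in tests:
        return "valid_au"        # valid signature aligned with the From: domain
    if "DKIM_VALID" in tests:
        return "valid"           # valid signature from some other domain
    if "DKIM_SIGNED" in tests:
        return "signed_invalid"  # a signature is present but did not verify
    return "unsigned"


def tally(lines):
    """Count messages per (verdict, DKIM state); lines that do not match are skipped."""
    counts = Counter()
    for line in lines:
        m = STATUS_RE.match(line)
        if not m:
            continue
        # The verdict is SpamAssassin's own classification, not verified ground truth.
        verdict = "spam" if m.group(1).lower() == "yes" else "ham"
        tests = set(filter(None, m.group(2).split(",")))
        counts[(verdict, dkim_state(tests))] += 1
    return counts


def unsigned_ham_fraction(counts):
    """Share of ham that a penalty on unsigned mail would hit."""
    ham = sum(n for (verdict, _), n in counts.items() if verdict == "ham")
    return counts[("ham", "unsigned")] / ham if ham else 0.0


if __name__ == "__main__":
    result = tally(SAMPLE.splitlines())
    for key in sorted(result):
        print(key, result[key])
    print("unsigned share of ham:", unsigned_ham_fraction(result))
```

Run over a single mailbox and over a multi-tenant filter, the same tally can give very different unsigned-ham shares, which is the distinction the message above draws.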
