[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: ISPmail Lenny tutorial ready

Thomas Goirand wrote:
> Christoph Haas wrote:
>> Greylisting has been a neat hack but IMHO it was clear that spammers
>> can't be kept off like that forever. Not sure whether they just try
>> again. I'd assume they abuse more open relays or crack servers. Blocking
>> off spammers with RBLs still seems to work best. And I'll try Domain
>> Keys (DKIM) and see if that helps a little. I'm curious to see how many
>> mail servers are using that.
>> Cheers
>>  Christoph
> DKIM is more than an anti-spam tool. Limiting it to only that is not a
> correct point of view. DKIM certifies that a given mail is sent by an
> approved server for the domain, and makes it so nobody else can send
> using your domain. It avoids people using your domain fraudulently, and
> this is why it's great! The fact that it also permits to deny some
> incoming email is a nice side effect of it, but I would never say that
> this is the only purpose. If everyone was using DKIM signing, there
> would never be anyone using a From with a domain they don't own. That
> would make the life of spammer wishing to do pishing a lot harder. A
> good example could be someone trying to make a fake paypal email with
> the From being @paypal.com. NO WAY it would reach my servers (not sure
> if paypal is using DKIM signing though... that's just an example).

I'd go as far as saying DKIM and SPF *are not* anti-spam tools and
should not be used as such. They should only be used to determine
authenticity. My SPF records say "these are the only sources I authorize
for my domain" and nothing more. Blatant spam can be DKIM signed and/or
have valid SPF records, too.


Reply to: