Incoming SMTP in the year 2017 and absence of DKIM

Stephen Frost sfrost at
Wed Nov 29 17:17:27 UTC 2017


* William Herrin (bill at wrote:
> On Wed, Nov 29, 2017 at 12:03 PM, Eric Kuhnke <eric.kuhnke at> wrote:
> > For those who operate public facing SMTPd that receive a large volume of
> > incoming traffic, and accordingly, a lot of spam...
> >
> > How much weight do you put on an incoming message, in terms of adding
> > additional score towards a possible value of spam, for total absence of
> > DKIM signature?
> Zero. DKIM for mailing lists is a horribly broken design and legitimate
> mailing lists are second only to spam in quantity of SMTP transactions.

Eh, that's really not accurate, imv, and some folks who run mailing
lists have put in serious effort to make sure to *not* break DKIM
signatures (which is certainly possible to do).  The combination of
making DKIM signatures work and DMARC allows messages to go through that
would otherwise end up getting bounced, from what I've seen.

What's annoying are the systems that appear to assume a DMARC policy
that says "bounce it if it's not from a server in our SPF list" when
there's no DMARC policy in place, but there is an SPF list.  Not
everyone really wants to put in the effort to set up DKIM, but they're
fine putting up an SPF record, but there seem to be a number of servers
out there that bounce mailing list traffic in those cases (seems to
specifically be MS Exchange systems, from the google'ing that I've


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <>

More information about the NANOG mailing list