Incoming SMTP in the year 2017 and absence of DKIM

Michael Thomas mike at mtcc.com
Wed Nov 29 17:32:27 CST 2017


On 11/29/2017 09:24 AM, William Herrin wrote:
> On Wed, Nov 29, 2017 at 12:17 PM, Stephen Frost <sfrost at snowman.net> wrote:
>
>> * William Herrin (bill at herrin.us) wrote:
>>> On Wed, Nov 29, 2017 at 12:03 PM, Eric Kuhnke <eric.kuhnke at gmail.com>
>> wrote:
>>>> How much weight do you put on an incoming message, in terms of adding
>>>> additional score towards a possible value of spam, for total absence of
>>>> DKIM signature?
>>> Zero. DKIM for mailing lists is a horribly broken design and legitimate
>>> mailing lists are second only to spam in quantity of SMTP transactions.
>> Eh, that's really not accurate, imv, and some folks who run mailing
>> lists have put in serious effort to make sure to *not* break DKIM
>> signatures (which is certainly possible to do).
>
> Alright, so "horribly broken design" overstates the case but there are
> enough problems that weighting the absence of DKIM at something other than
> zero will surely do more harm than good.
>

There are quite a few things you can do to get the mailing list 
traversal rate > 90%, iirc. For average mailman-like
lists like nanog it's very high. Of course while a "badly" behaving 
mailing list can trivially defeat any DKIM signature,
it doesn't really take too much effort to not behave "badly". Whether 
that false positive rate is too high is another
question.

Mike


More information about the NANOG mailing list