Incoming SMTP in the year 2017 and absence of DKIM

Michael Thomas mike at mtcc.com
Wed Nov 29 17:32:27 UTC 2017


On 11/29/2017 09:24 AM, William Herrin wrote:
> On Wed, Nov 29, 2017 at 12:17 PM, Stephen Frost <sfrost at snowman.net> wrote:
>
>> * William Herrin (bill at herrin.us) wrote:
>>> On Wed, Nov 29, 2017 at 12:03 PM, Eric Kuhnke <eric.kuhnke at gmail.com> wrote:
>>>> How much weight do you put on an incoming message, in terms of adding
>>>> additional score towards a possible value of spam, for total absence of
>>>> DKIM signature?
>>> Zero. DKIM for mailing lists is a horribly broken design and legitimate
>>> mailing lists are second only to spam in quantity of SMTP transactions.
>> Eh, that's really not accurate, imv, and some folks who run mailing
>> lists have put in serious effort to make sure to *not* break DKIM
>> signatures (which is certainly possible to do).
>
> Alright, so "horribly broken design" overstates the case but there are
> enough problems that weighting the absence of DKIM at something other than
> zero will surely do more harm than good.
>

There are quite a few things you can do to get the mailing list traversal
rate > 90%, iirc. For average mailman-like lists like nanog it's very high.
Of course while a "badly" behaving mailing list can trivially defeat any
DKIM signature, it doesn't really take too much effort to not behave
"badly". Whether that false positive rate is too high is another question.

Mike


