Incoming SMTP in the year 2017 and absence of DKIM

Eric Kuhnke eric.kuhnke at
Wed Nov 29 18:18:31 UTC 2017

Anecdotal experience. I'm subscribed to a lot of mailing lists. Some pass
through DKIM correctly. Others re-sign the message with DKIM from their own

>98% of the spam that gets through my filters, which comes from an IP not
in any of the major RBLs, has no DKIM signature for the domain. My theory
is that it does introduce somewhat of a barrier to spam senders because
they are frequently not in control of the mail server (which may be some
ignorant third party's open relay), nor do they have access to the zonefile
for the domain the mail server belongs to for the purpose of adding any
sort of DKIM record.

On Wed, Nov 29, 2017 at 10:12 AM, Michael Thomas <mike at> wrote:

> On 11/29/2017 10:03 AM, valdis.kletnieks at wrote:
>> On Wed, 29 Nov 2017 09:32:27 -0800, Michael Thomas said:
>> There are quite a few things you can do to get the mailing list
>>> traversal rate > 90%, iirc.
>> Only 90% should be considered horribly broken.  Anything that makes
>> it difficult to run a simple mailing list with less that at least 2 or 3
>> 9's
>> is unacceptable.
> I've been saying for years that it should be possible to create the
> concept of DKIM-friendly mailing lists. In such
> a case, you could have your nines. Until then, the best you can hope for
> is the list re-signing the mail and blaming
> the list owner instead.
> Mike

More information about the NANOG mailing list