Incoming SMTP in the year 2017 and absence of DKIM
blake at ispn.net
Wed Nov 29 20:35:12 UTC 2017
Eric Kuhnke wrote on 11/29/2017 11:03 AM:
> For those who operate public facing SMTPd that receive a large volume of
> incoming traffic, and accordingly, a lot of spam...
> How much weight do you put on an incoming message, in terms of adding
> additional score towards a possible value of spam, for total absence of
> DKIM signature?
A) Establish domains that use SPF and DKIM as well as anyone else
B) Use the stolen credentials of legitimate accounts on legitimate
servers to relay SPAM messages.
So the presence of SPF/DKIM does not reliably indicate whether the
message is spam or not - only that the sender is "authenticated". The
lack of optional tech like SPF and DKIM might be used as a heuristic,
but it's not reliable enough to use in practice in my opinion. I
wouldn't quarantine or reject messages that are missing these optional
technologies because the take rate isn't high enough.
Where DKIM/SPF really help is when there's a failure that indicates a
message has been spoofed. This is a good indication of phishing and is a
justified reason to reject or quarantine a message in the interest of
your employees or subscribers. Sometimes these will be config errors,
but I feel confident telling the sender to take config issues up with
their service provider.
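
The handling described in this message, sketched as an added example that is not part of the original post: it reads the Authentication-Results header (RFC 8601) stamped by the receiving server's own verifier, quarantines on an SPF or DKIM failure, and adds no score for absent or "none" results. The authserv-id mx.example.net, the function names, the sample messages, and the choice to let one passing DKIM signature outweigh a failing one are all assumptions.

```python
import re
from email import message_from_string

# method=result pairs as they appear in an Authentication-Results header
_RESULT = re.compile(r"\b(spf|dkim)\s*=\s*([a-z]+)", re.IGNORECASE)

def auth_results(raw_message, authserv_id):
    """Collect spf/dkim results from headers stamped by our own verifier only."""
    msg = message_from_string(raw_message)
    results = {"spf": set(), "dkim": set()}
    for value in msg.get_all("Authentication-Results", []):
        # Skip headers carrying another authserv-id: the sender may have forged them.
        if value.split(";", 1)[0].strip().lower() != authserv_id.lower():
            continue
        for method, result in _RESULT.findall(value):
            results[method.lower()].add(result.lower())
    return results

def disposition(raw_message, authserv_id="mx.example.net"):
    """Return 'quarantine' on an authentication failure, else 'continue'."""
    r = auth_results(raw_message, authserv_id)
    # Assumption: with several DKIM signatures, one pass outweighs a fail.
    dkim_failed = "fail" in r["dkim"] and "pass" not in r["dkim"]
    if "fail" in r["spf"] or dkim_failed:
        return "quarantine"  # failure suggests spoofing
    # Absent, "none" or "pass": no score either way, content filtering decides.
    return "continue"

def _msg(*ar_headers):
    """Build a constructed sample message with the given header values."""
    hdrs = "".join(f"Authentication-Results: {h}\n" for h in ar_headers)
    return hdrs + "From: a@example.org\nSubject: test\n\nbody\n"

# Constructed samples, not real traffic.
SAMPLES = {
    "no_header": _msg(),
    "unsigned": _msg("mx.example.net; spf=none smtp.mailfrom=example.org; dkim=none"),
    "spoofed": _msg("mx.example.net; spf=fail smtp.mailfrom=example.org; dkim=none"),
    "forged_pass": _msg("other.example; spf=pass; dkim=pass",
                        "mx.example.net; spf=fail smtp.mailfrom=example.org"),
    "two_sigs": _msg("mx.example.net; spf=pass; dkim=fail header.d=list.example;"
                     " dkim=pass header.d=example.org"),
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name:12} -> {disposition(raw)}")
```
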