[Mimedefang] What about DKIM
David F. Skoll
dfs at roaringpenguin.com
Wed Mar 27 13:48:48 EDT 2013
On Wed, 27 Mar 2013 12:22:37 -0500
Ben Kamen <bkamen at benjammin.net> wrote:
> Now that we've seen/talked some stats on SPF... I'd be interested to
> know what anyone might have to offer on DKIM usefulness.
DKIM is useful for letting you know that a message has been relayed
through a responsible organization's server. I don't think it's very
useful as a spam/ham indicator. Plenty of validly-signed mail is spam
(think Yahoo!) and some ham ends up with broken DKIM signatures
(think broken boilerplate-appending software.)

The up-and-coming thing is DMARC, which will probably enjoy good press the
way SPF and DKIM did for a few years until it too is found to be not
very useful. :)

DMARC is intended to close two loopholes: It lets domain owners *specify*
what you should do on SPF fail or DKIM fail, and it gives domain owners
feedback about failed SPF/DKIM so a domain owner can know that he/she's
the victim of spoofing.

DMARC falls flat because it does not in any way protect what the user
sees as the "From" field in a mail reader, so phishers can happily spoof
mail and still be DMARC-compliant.
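
Added example, not part of the original post or of MIMEDefang: a small Python sketch of the two DMARC functions described above, reading the owner's requested handling (p=, pct=) and the feedback addresses (rua=, ruf=) from a published record. The sample record, the function names and the `sample` parameter are constructed for illustration; `spf_ok` and `dkim_ok` are assumed to be results the receiver has already computed.

```python
import random

POLICIES = ("none", "quarantine", "reject")  # weakest to strongest

def parse_dmarc(txt):
    """Return a dict for a DMARC TXT record, or None if it is not usable."""
    parts = [p.strip() for p in txt.split(";") if p.strip()]
    if not parts or parts[0].replace(" ", "") != "v=DMARC1":
        return None  # the version tag must come first
    tags = {}
    for part in parts[1:]:
        key, sep, value = part.partition("=")
        if sep:
            tags.setdefault(key.strip().lower(), value.strip())
    policy = tags.get("p", "").lower()
    if policy not in POLICIES:
        return None  # p= carries the owner's requested handling; required
    try:
        pct = min(100, max(0, int(tags.get("pct", "100"))))
    except ValueError:
        pct = 100  # unparsable pct: treat as the default
    def uris(tag):
        # comma-separated report URIs; drop an optional "!10m" size limit
        return [u.strip().split("!")[0]
                for u in tags.get(tag, "").split(",") if u.strip()]
    return {"p": policy, "pct": pct, "rua": uris("rua"), "ruf": uris("ruf")}

def disposition(record, spf_ok, dkim_ok, sample=None):
    """Handling the domain owner asks for; inputs are the receiver's results."""
    if spf_ok or dkim_ok:
        return "pass"
    if sample is None:
        sample = random.randrange(100)  # pct= applies policy to a sample
    if sample < record["pct"]:
        return record["p"]
    # outside the sampled share, the next-weaker policy applies
    return POLICIES[max(0, POLICIES.index(record["p"]) - 1)]

# Constructed sample record (not taken from any real domain)
SAMPLE = ("v=DMARC1; p=reject; pct=50; "
          "rua=mailto:agg@example.com!10m, mailto:dmarc@example.net")

if __name__ == "__main__":
    rec = parse_dmarc(SAMPLE)
    print(rec)
    print(disposition(rec, spf_ok=False, dkim_ok=False, sample=10))
```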