[Mimedefang] What about DKIM

David F. Skoll dfs at roaringpenguin.com
Wed Mar 27 13:48:48 EDT 2013

On Wed, 27 Mar 2013 12:22:37 -0500
Ben Kamen <bkamen at benjammin.net> wrote:

>   Now that we've seen/talked some stats on SPF... I'd be interested to
> know what anyone might have to offer on DKIM usefulness.

DKIM is useful for letting you know that a message has been relayed
through a responsible organization's server.  I don't think it's very
useful as a spam/ham indicator.  Plenty of validly-signed mail is spam
(think Yahoo!)  and some ham ends up with broken DKIM signatures
(think broken boilerplate-appending software.)

The up-and-coming thing is DMARC, which will probably enjoy good press the
way SPF and DKIM did for a few years until it too is found to be not
very useful. :)

DMARC is intended to close two loopholes: It lets domain owners *specify*
what you should do on SPF fail or DKIM fail, and it gives domain owners
feedback about failed SPF/DKIM so a domain owner can know that he/she's
the victim of spoofing.

DMARC falls flat because it does not in any way protect what the user
sees as the "From" field in a mail reader, so phishers can happily spoof
mail and still be DMARC-compliant.
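
The policy and feedback settings mentioned in the message live in a DNS TXT record published by the domain owner. As an added example that is not part of the original post, here is a minimal Python parser for such a record, using the tag names from RFC 7489; the sample record and the example.com addresses are constructed.

```python
# Added illustration, not from the original post. Tag names follow RFC 7489;
# the sample record and example.com addresses are constructed.
SAMPLE_RECORD = ("v=DMARC1; p=reject; sp=quarantine; pct=50; "
                 "rua=mailto:agg@example.com,mailto:agg2@example.com; "
                 "ruf=mailto:forensic@example.com")
POLICIES = {"none", "quarantine", "reject"}


def parse_dmarc(txt):
    """Return the published policy as a dict, or None if txt is unusable."""
    pairs = []
    for field in txt.split(";"):
        name, sep, value = field.partition("=")
        if sep:  # fields without '=' are malformed and skipped
            pairs.append((name.strip().lower(), value.strip()))
    # The version tag must be the first tag and match exactly.
    if not pairs or pairs[0] != ("v", "DMARC1"):
        return None
    tags = {}
    for name, value in pairs:
        tags.setdefault(name, value)  # first occurrence wins (a choice made here)

    def uris(tag):
        # Only checks for non-empty entries; URI syntax is not validated.
        return [u.strip() for u in tags.get(tag, "").split(",") if u.strip()]

    policy = tags.get("p", "").lower()
    subdomain = tags.get("sp", policy).lower()  # sp= defaults to p=
    if policy not in POLICIES or subdomain not in POLICIES:
        # RFC 7489 section 6.6.3: with a bad p=/sp= the record is still
        # usable as p=none if it names an aggregate report address.
        if not uris("rua"):
            return None
        policy = subdomain = "none"
    try:
        pct = min(100, max(0, int(tags.get("pct", "100"))))
    except ValueError:
        pct = 100  # unparseable pct falls back to the default
    return {"policy": policy, "subdomain_policy": subdomain, "pct": pct,
            "aggregate_reports": uris("rua"), "failure_reports": uris("ruf")}


if __name__ == "__main__":
    print(parse_dmarc(SAMPLE_RECORD))
```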




