[Mimedefang] What about DKIM

[James Curtis]

> DKIM doesn't validate the spaminess of the content. Why do you think it does?
>
> All it does is to authenticate the source of the message. This way, you know the spammer is who he claimed to be (or not). When properly set up, it will identify forged and tampered messages to you; that's all.
> _______________________________________________

I see lots of email that is on blacklisted (spamhaus,spamcop, etc) servers still passing DKIM tests.  
My perspective on blacklists is the following.  First off, I explicitly trust blacklists that I have tested over time.  I initially test them by adding spamassassin rules to tag items that are on the blacklists with a low score.  Then I can grep my maillog for items matching that rule.  From there I can evaluate the subject lines by greping my mdlog for the queue ID.  If the blacklist rules hit emails with low collateral damage, I put the blacklist in a filter_begin that blocks mail before receiving.  
I have been testing UCEPROTECT (1&2) on my servers today.  For the past 5 hours I have detected 70 emails matching UCEPROT, and 24 of them have passed DKIM.  
[root at filter1 ~]# cat /var/log/maillog |grep -c UCEPROT
69
[root at filter1 ~]# cat /var/log/maillog |grep UCEPROT |grep -c DKIM_VALID
24
Here are my current stats for anyone interrested
Virus (message had a virus) .01% 
11
Spamhaus (Spamhaus blacklist) 30.80% 
38967
Spamcop (Spamcop blacklist) 1.37% 
1733
SEM-Black (spameatingmonkey blacklist) .22% 
282
Spamdrop (scored over 8.0 so it was dropped) 19.87% 
25144
Tagged Spam (scored over 3.0 so it was tagged) 38.96% 
19750
Mail_in (not tagged) 32.05% 
40549
-Regards
Bill Curtis