[Mimedefang] What about DKIM

James Curtis jameswcurtis at hotmail.com
Thu May 2 13:50:50 EDT 2013

> DKIM doesn't validate the spaminess of the content. Why do you think it does?
> All it does is to authenticate the source of the message. This way, you know the spammer is who he claimed to be (or not). When properly set up, it will identify forged and tampered messages to you; that's all.

I see lots of email from blacklisted (Spamhaus, SpamCop, etc.) servers still passing DKIM tests.
My perspective on blacklists is the following. First off, I explicitly trust blacklists that I have tested over time. I initially test them by adding spamassassin rules to tag items that are on the blacklists with a low score. Then I can grep my maillog for items matching that rule. From there I can evaluate the subject lines by grepping my mdlog for the queue ID. If the blacklist rules hit emails with low collateral damage, I put the blacklist in a filter_begin that blocks mail before receiving.
I have been testing UCEPROTECT (1&2) on my servers today. For the past 5 hours I have detected 70 emails matching UCEPROT, and 24 of them have passed DKIM.
[root at filter1 ~]# cat /var/log/maillog |grep -c UCEPROT
[root at filter1 ~]# cat /var/log/maillog |grep UCEPROT |grep -c DKIM_VALID
Here are my current stats for anyone interested:
Virus (message had a virus) .01% 
Spamhaus (Spamhaus blacklist) 30.80% 
Spamcop (Spamcop blacklist) 1.37% 
SEM-Black (spameatingmonkey blacklist) .22% 
Spamdrop (scored over 8.0 so it was dropped) 19.87% 
Tagged Spam (scored over 3.0 so it was tagged) 38.96% 
Mail_in (not tagged) 32.05% 
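The same evaluation the post does with grep (count a blacklist rule's hits, see how many of those also passed DKIM, and pull the subjects from mdlog by queue ID to judge collateral damage), written as an added example that is not code from the post or from MIMEDefang. The log lines are constructed, their format only approximates the real maillog and MDLOG output, and the UCEPROT_1/UCEPROT_2 rule names are assumed custom spamassassin rules.

```python
import re
from collections import Counter

# Constructed sample lines (not real logs); the format only approximates what a
# spam scan and md_log() write, and UCEPROT_* are assumed custom spamassassin rules.
MAILLOG = """\
May  2 13:01:02 filter1 mimedefang.pl[1201]: q123AB: score=5.1 tests=UCEPROT_1,DKIM_VALID
May  2 13:02:10 filter1 mimedefang.pl[1202]: q124CD: score=9.4 tests=UCEPROT_2,RCVD_IN_SPAMHAUS
May  2 13:03:15 filter1 mimedefang.pl[1203]: q125EF: score=1.0 tests=DKIM_VALID
May  2 13:04:22 filter1 mimedefang.pl[1204]: q126GH: score=4.2 tests=UCEPROT_1,DKIM_VALID
"""
MDLOG = """\
MDLOG,q123AB,mail_in,198.51.100.7,a@example.net,me@example.org,Cheap pills
MDLOG,q124CD,mail_in,203.0.113.9,b@example.net,me@example.org,Account suspended
MDLOG,q125EF,mail_in,192.0.2.5,c@example.com,me@example.org,Lunch?
MDLOG,q126GH,mail_in,198.51.100.8,d@example.net,me@example.org,Invoice attached
"""

LINE_RE = re.compile(r"\]: (?P<qid>\w+): score=(?P<score>[\d.]+) tests=(?P<tests>\S+)")

def parse_maillog(text):
    """Map queue id -> (score, set of spamassassin test names) for scored messages."""
    found = (LINE_RE.search(l) for l in text.splitlines())
    return {m["qid"]: (float(m["score"]), set(m["tests"].split(","))) for m in found if m}

def parse_mdlog(text):
    """Map queue id -> subject (the last comma-separated field of an MDLOG line)."""
    rows = (l.split(",", 6) for l in text.splitlines() if l.startswith("MDLOG,"))
    return {f[1]: f[6] for f in rows if len(f) == 7}

def evaluate_rule(prefix, maillog=MAILLOG, mdlog=MDLOG):
    """Hits for rules starting with prefix, how many also passed DKIM, and their subjects."""
    msgs, subj = parse_maillog(maillog), parse_mdlog(mdlog)
    hits = {q for q, (_, tests) in msgs.items() if any(t.startswith(prefix) for t in tests)}
    dkim = {q for q in hits if "DKIM_VALID" in msgs[q][1]}
    return {"hits": len(hits), "dkim_valid": len(dkim),
            "subjects": sorted(subj.get(q, "?") for q in hits)}

def rule_shares(maillog=MAILLOG):
    """Percentage of all scored messages hitting each test, like the stats above."""
    msgs = parse_maillog(maillog)
    counts = Counter(t for _, tests in msgs.values() for t in tests)
    return {t: round(100.0 * n / len(msgs), 2) for t, n in counts.items()}

if __name__ == "__main__":
    print(evaluate_rule("UCEPROT"))
    print(rule_shares())
```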
