Request: Please sign this list's messages via DKIM or SPF
Andrew Morgan
morgan at orst.edu
Tue Apr 5 12:33:00 EDT 2016
On Tue, 5 Apr 2016, lst_hoe02--- via Info-cyrus wrote:
>
> Zitat von Binarus via Info-cyrus <info-cyrus at lists.andrew.cmu.edu>:
>
>>
>> Combine SPF / DKIM with domain blacklisting, and then you *have* an
>> efficient spam fighting tool.
>>
>
> As stated the spam actually reaching our inboxes after around 90% cutoff is
> valid DKIM/SPF signed as it is mostly from the big free providers like
> Outlook.com, Google and Yahoo. Some other big share is from professional spam
> farms with always alternating IP and Domains ranges from all over the world
> with also valid DKIM/SPF. Next big share is from educational servers also
> mostly valid DKIM/SPF. The tiny rest with around 10% is in fact not DKIM/SPF
> signed.
> From the valid e-mail around 20% looks like having a valid SPF/DKIM, mostly
> professional newsletters not personal mail from customers.
>
> So No, SPF/DKIM is no useful spam fighting tool at least not in our corner of
> the world.
Another recent standard, DMARC (https://dmarc.org/) allows the domain
owner to specify what the recipient should do with messages that fail DKIM
or SPF checks.
We ran into this recently and discovered that Yahoo's DMARC records tell
the recipient to REJECT messages that fail DKIM or SPF. Google is
honoring that DMARC record by putting the message into the Spam folder.
This seems like a pretty effective method to prevent someone from spoofing
email from your domain. Of course, it does not prevent an actual Yahoo
account from sending spam, so you still need traditional spam detection
tools as well. However, it is nice that a third-party sender cannot harm
your domain's reputation through spoofing.
Note: I don't care whether this email list uses SPF or DKIM.
Andy
More information about the Info-cyrus
mailing list