Request: Please sign this list's messages via DKIM or SPF

Nic Bernstein nic at onlight.com
Tue Apr 5 13:43:20 EDT 2016


On 04/05/2016 11:33 AM, Andrew Morgan via Info-cyrus wrote:
> On Tue, 5 Apr 2016, lst_hoe02--- via Info-cyrus wrote:
>
>>
>> Quoting Binarus via Info-cyrus <info-cyrus at lists.andrew.cmu.edu>:
>>
>>>
>>> Combine SPF / DKIM with domain blacklisting, and then you *have* an 
>>> efficient spam fighting tool.
>>>
>>
>> As stated the spam actually reaching our inboxes after around 90% 
>> cutoff is valid DKIM/SPF signed as it is mostly from the big free 
>> providers like Outlook.com, Google and Yahoo. Some other big share is 
>> from professional spam farms with always alternating IP and Domains 
>> ranges from all over the world with also valid DKIM/SPF. Next big 
>> share is from educational servers also mostly valid DKIM/SPF. The 
>> tiny rest with around 10% is in fact not DKIM/SPF signed.
>> From the valid e-mail around 20% looks like having a valid SPF/DKIM, 
>> mostly professional newsletters not personal mail from customers.
>>
>> So No, SPF/DKIM is no useful spam fighting tool at least not in our 
>> corner of the world.
>
> Another recent standard, DMARC (https://dmarc.org/) allows the domain 
> owner to specify what the recipient should do with messages that fail 
> DKIM or SPF checks.
>
> We ran into this recently and discovered that Yahoo's DMARC records 
> tell the recipient to REJECT messages that fail DKIM or SPF.  Google 
> is honoring that DMARC record by putting the message into the Spam 
> folder.
>
> This seems like a pretty effective method to prevent someone from 
> spoofing email from your domain.  Of course, it does not prevent an 
> actual Yahoo account from sending spam, so you still need traditional 
> spam detection tools as well.  However, it is nice that a third-party 
> sender cannot harm your domain's reputation through spoofing.
>
> Note: I don't care whether this email list uses SPF or DKIM.
>
>     Andy

If you want to see flame wars even more pointless and/or entertaining 
than this one, check out the mailing lists for DMARC. ;-)  They make 
these recent exchanges seem quaint by comparison.

    _______________________________________________
    dmarc-discuss mailing list
    dmarc-discuss at dmarc.org
    http://www.dmarc.org/mailman/listinfo/dmarc-discuss 

FWIW, mailing lists and DMARC make a particularly noxious couple, as 
almost all mailing lists will break DMARC, and thus lead to all sorts of 
rejections.  That very subject is the topic of the most vitriolic flame 
wars on the DMARC lists.

Tho, to be honest, I had assumed that the recent changes to the From and 
Reply-To headers of this mailing list were undertaken to appease strict 
DMARC requirements.

Yes, Google, Yahoo and most of the rest of the Big Boys(c) have adopted 
DMARC with "p=reject" (or whatever that setting is).

At the risk of perpetuating this severely off-topic thread, IMHO if 
"Binarus" is able to eliminate "90% solely by checking for SPF and DKIM" 
then one must question just what the rest of their anti-Spam measures 
were doing?

Cheers,
     -nic

-- 
Nic Bernstein                             nic at onlight.com
Onlight Inc.                              www.onlight.com
6525 W Bluemound Rd., Ste 24	          v. 414.272.4477
Milwaukee, Wisconsin  53213-4073	  f. 414.290.0335
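
Added example, not part of the original message: a simplified model of the DMARC check, showing why a list that appends a footer and re-sends under its own bounce address turns a passing message into a "p=reject" failure, and why rewriting the From header avoids that. It assumes relaxed alignment as in RFC 7489, where one aligned SPF or DKIM pass is enough; the domains, the policy table and the two-label organizational-domain shortcut are constructed for illustration.

```python
# Added illustration (not from the thread). Simplified DMARC check with
# relaxed alignment; every domain and policy below is a constructed sample.
POLICIES = {"sender.example": "reject", "list.example": "none"}

def org_domain(domain):
    # Assumption: organizational domain = last two labels. Real evaluators
    # consult the Public Suffix List instead.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def dmarc_disposition(msg):
    """Return 'pass', or the From domain's published policy on failure."""
    from_org = org_domain(msg["from_domain"])
    spf_result, mail_from_domain = msg["spf"]
    spf_ok = spf_result == "pass" and org_domain(mail_from_domain) == from_org
    dkim_ok = any(result == "pass" and org_domain(d) == from_org
                  for result, d in msg["dkim"])
    if spf_ok or dkim_ok:  # one aligned pass is enough
        return "pass"
    return POLICIES.get(from_org, "none")

def relay_through_list(msg, list_domain, rewrite_from):
    """Model a list that appends a footer and re-sends from its own host."""
    out = dict(msg)
    # The footer changes the body, so the author's signature no longer verifies.
    out["dkim"] = [("fail", d) for _, d in msg["dkim"]]
    # The list uses its own bounce address, so SPF passes for the list domain,
    # which is not aligned with the author's From domain.
    out["spf"] = ("pass", "bounces." + list_domain)
    if rewrite_from:
        # From rewriting: the list becomes the header From and signs itself.
        out["from_domain"] = list_domain
        out["dkim"].append(("pass", list_domain))
    return out

# Constructed sample: a message delivered straight from the author's domain.
direct = {"from_domain": "sender.example",
          "spf": ("pass", "mail.sender.example"),
          "dkim": [("pass", "sender.example")]}

if __name__ == "__main__":
    cases = [("direct", direct),
             ("via list, From kept", relay_through_list(direct, "list.example", False)),
             ("via list, From rewritten", relay_through_list(direct, "list.example", True))]
    for label, m in cases:
        print(f"{label:26} -> {dmarc_disposition(m)}")
```
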
