LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 23, 2013

An "enum" for Python 3

An unexpected perf feature

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Domain Keys for email sender authentication

Domain Keys for email sender authentication

Posted Jun 23, 2006 23:14 UTC (Fri) by giraffedata (subscriber, #1954)
In reply to: Domain Keys for email sender authentication by shane
Parent article: Domain Keys for email sender authentication

I think spam already tells you where it came from, via received: headers and IP packet source addresses. I don't see that spammers are managing to spoof IP addresses, and when a received: header is forged, I think it's pretty easy to find out, if you're at the police investigation stage.

So what does DKIM add for spam prevention?

(Log in to post comments)

Domain Keys for email sender authentication

Posted Jun 23, 2006 23:42 UTC (Fri) by caitlinbestler (guest, #32532) [Link]

You need to think whitelist, not blacklist.

Authentication of the source allows you to confidently whitelist known sources, such as your own domain, without having annoying spammers forge headers just to get past your filters.

Domain Keys for email sender authentication

Posted Jun 24, 2006 2:30 UTC (Sat) by giraffedata (subscriber, #1954) [Link]

I was going to say that (but in a different sub-thread, because this one was about DKIM being useful for blacklists), but then I realized that out of 13,000 spams a month I get, only about 1 is "from" someone in my whitelist of a few thousand email addresses (everyone from whom I've received real mail or to whom I've sent mail in the past few years). So it's not a problem worth fixing.

As for whitelisting the originating server, I don't think that would help me personally, except in the case of your example -- mail from the local domain. And I do that today, based on the Received: header, because mail from the local domain would pass through only trusted mail servers to me.

I guess I do have a few more fake whitelist "froms" than what I said -- e.g. service@paypal.com, but I discard those with some other rules before checking the whitelist (I know it didn't come from Paypal, because Received: says the server that sent it isn't *.paypal.com). DKIM would be useful there, but still probably not worth the effort. For me, only 3 domains are a problem (paypal.com, ebay.com, chase.com).

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds