Domain Keys for email sender authentication
Posted Jun 24, 2006 2:30 UTC (Sat) by giraffedata
In reply to: Domain Keys for email sender authentication
Parent article: Domain Keys for email sender authentication
I was going to say that (but in a different sub-thread, because this one was about DKIM being useful for blacklists), but then I realized that out of 13,000 spams a month I get, only about 1 is "from" someone in my whitelist of a few thousand email addresses (everyone from whom I've received real mail or to whom I've sent mail in the past few years). So it's not a problem worth fixing.
As for whitelisting the originating server, I don't think that would help me personally, except in the case of your example -- mail from the local domain. And I do that today, based on the Received: header, because mail from the local domain would pass through only trusted mail servers to me.
I guess I do have a few more fake whitelist "froms" than what I said -- e.g. email@example.com, but I discard those with some other rules before checking the whitelist (I know it didn't come from Paypal, because Received: says the server that sent it isn't *.paypal.com). DKIM would be useful there, but still probably not worth the effort. For me, only 3 domains are a problem (paypal.com, ebay.com, chase.com).
to post comments)