ietf-mailsig

DKIM - New form of Social Engineering Spam?

2005-07-24 07:34:29

In recent weeks, we have seen a major increase in yahoo.com sender spam
mail.  This seems to have occurred due to new market awareness of Yahoo's
support for DK/DKIM.

Yahoo.com has got to do more than just DK/DKIM for their own servers.  They
need to be more responsible for their domains, and these are yahoo email
addresses which are validated via CBV (call-back verifiers).

Just consider what my wife this morning had to say:

        "Can we just turn off all yahoo.com mail?"

The problem?

The effectiveness of DK/DKIM is completely nullified when you have a neutral
DK/DKIM policy.

By making a statement of "higher compliance" with a DK/DKIM policy, yahoo
and others with neutral policies will open themselves up for greater
scrutiny, not less.

If the neutral policy abuse continues, people will have no choice but to
consider applying stronger blacklisting on domains with neutral or relaxed
policies.

What is yahoo.com doing to address this problem?  The ISP will need to take
more responsibility for freebie domain accounts.

Note, the issue is that spammers do not need to sign their mail, and they
won't with domains using neutral policies.  Knowing this, spammers will
use domains with DKIM neutral policy claims.

How about this idea:

 o=#

    ISP Accounts, signing is optional. However, users are not
    screened and an abuse report may be sent to the domain.

Something has to be done, otherwise DKIM is not going to get wide adoption,
or it will and will make the problem worse for a lot of systems.

Comments?

--
Hector Santos, Santronics Software, Inc.
http://www.santronics.com
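The point made above, that an unsigned message from a domain with a neutral policy is indistinguishable from one from a domain with no policy at all, can be made concrete on the verifier side. The following is an added example, not code from the post or from the ietf-mailsig list: it evaluates constructed messages against constructed policy records. The "o=<char>" record syntax is an assumption loosely modelled on the sender signing policy drafts of the time, and "o=#" is the hypothetical policy the post proposes (signing optional, unsigned mail earns the domain an abuse report).

```python
"""Verifier-side dispositions under different DKIM sender signing policies.

Added example, not code from the post or from the ietf-mailsig list. The
"o=<char>" record syntax is an assumption loosely modelled on the sender
signing policy drafts of the time; "o=#" is the hypothetical policy the post
proposes. Domains, records and messages are constructed sample data.
"""
from dataclasses import dataclass

# Constructed policy records, keyed by the From: domain (assumed syntax).
#   o=-  strict:  the domain asserts that all of its mail is signed
#   o=~  neutral: signing is optional, nothing is asserted about unsigned mail
#   o=#  the post's proposal: signing optional, unsigned mail earns the domain
#        an abuse report because its users are not screened
POLICY_RECORDS = {
    "strict.example": "o=-",
    "neutral.example": "o=~",
    "freebie.example": "o=#",
    # "nopolicy.example" publishes no record at all
}


@dataclass
class Message:
    from_domain: str
    signed: bool            # a DKIM-Signature header is present
    signature_valid: bool   # and it verified against the signer's published key


def lookup_policy(domain):
    """Return the value of the 'o' tag for a domain, or None if no record exists."""
    record = POLICY_RECORDS.get(domain)
    if record is None:
        return None
    for tag in record.split(";"):
        name, _, value = tag.strip().partition("=")
        if name == "o":
            return value
    return None


def disposition(msg):
    """Return (result, abuse_report) for one message.

    result is 'pass', 'fail' or 'neutral'; abuse_report is True when the
    hypothetical o=# policy would have the verifier notify the domain.
    """
    if msg.signed and msg.signature_valid:
        return ("pass", False)          # a good signature settles it
    policy = lookup_policy(msg.from_domain)
    if policy == "-":
        return ("fail", False)          # domain promised a signature; none verified
    if policy == "#":
        return ("neutral", True)        # accept, but report the unsigned use
    # a neutral policy and no policy at all collapse to the same outcome
    return ("neutral", False)


def neutral_equals_no_policy():
    """The post's complaint: for unsigned mail, a neutral policy adds nothing."""
    unsigned_neutral = disposition(Message("neutral.example", False, False))
    unsigned_nopolicy = disposition(Message("nopolicy.example", False, False))
    return unsigned_neutral == unsigned_nopolicy


if __name__ == "__main__":
    samples = [
        Message("strict.example", False, False),
        Message("neutral.example", False, False),
        Message("nopolicy.example", False, False),
        Message("freebie.example", False, False),
        Message("strict.example", True, False),
    ]
    for m in samples:
        print(f"{m.from_domain:18} signed={m.signed!s:5} "
              f"valid={m.signature_valid!s:5} -> {disposition(m)}")
    print("neutral == no policy for unsigned mail:", neutral_equals_no_policy())
```

Only the strict record lets the verifier reject anything; the neutral record yields exactly the result a domain with no record would get, which is why a spammer sending unsigned mail loses nothing by picking a neutral-policy domain. The "o=#" branch shows what the proposal changes: the disposition stays neutral, but the verifier now has grounds to report the unsigned use back to the domain.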
