-----BEGIN PGP SIGNED MESSAGE-----
As I understand it, the spammers were among the first adopters of
dkim. My point is not that "spammers don't sign". Some spammers don't
sign and can (eventually, not now) be dropped because they don't.
Other spammers do sign and can be identified and shunned by policy.
But certainly, spammers spoofing source addresses will be unable to
sign as the spoofed sending domain, and can have their traffic
summarily discarded as either being unsigned but purporting to come
from a domain that signs or as having invalid signatures. Traffic
with spoofed source addresses from domains that sign needs no
moderation. The moderation load is the problem we're solving.
On Oct 4, 2007, at 4:08 PM, Simon Leinen wrote:
Fred Baker writes:
On Oct 4, 2007, at 11:56 AM, Hallam-Baker, Phillip wrote:
The problem is the amount of time it is taking to moderate mail
sent by non subscribers.
yes. For example, every email from @cisco.com is dkim-signed. The
IETF can automagically dump any such email that is not signed, or for
which the signature doesn't check out. I know that fred(_at_)cisco(_dot_)com is
one of many commonly-spoofed email addresses - I can tell that from
the backscatter I find in my junk box.
For how many of us is that true?
FWIW, about 12% (14 out of 114) of the active non-spam senders to this
list had DKIM-Signature headers in the past two weeks. I don't know
enough about DKIM to tell whether the same assumption holds for the
non-cisco.com sender domains (mostly gmail.com plus a few smaller
ones): that mail from them can be considered spoofed if the DKIM
headers are absent.
: leinen(_at_)diotima[lists(_dot_)ietf(_dot_)censored]; cat `egrep -l -i '^DKIM-
Signature:' *` | egrep -i '^From:' | sort | uniq -c | wc -l
: leinen(_at_)diotima[lists(_dot_)ietf(_dot_)censored]; cat * | egrep -i '^From:' |
sort | uniq -c | wc -l
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
Ietf mailing list