MH Michael Hammer (5304) wrote:
The other piece of the equation is how often do I see abusive mail
purporting to be from this domain with no signature while mail from this
domain that is normally signed has no significant problems.
That's an exclusive reject opportunistic question.
In other words, if I turn off my SMTP level rejects for all of our
domain abuse, would DKIM take up that slack?
I'm going to do a quick scan just for today's log where we rejected
mail purported to be from our domains (us): santronics.com,
winserver.com, isdg.net. Remember, this is just today (May 26, 2011)
and so far it's 8PM EST:
None of these are valid and they were all rejected via SPF and the
same for fake HELO/EHLO domains.
Now, since we are now signing all three of these domains, the question
is: if they were checked at the DATA level, would my
DKIM+ADSP/ATPS/ACL setup reject them?
Yes, 100%. I don't know if they were faked signers, or they used 3rd
party signers, or they were signed at all, because they were accepted.
But a DKIM policy that I have would have 100% rejected them all.
This is partly the reason I didn't like Sender-ID because it was an
RFC5322 payload technology and SPF did the job at the SMTP level. I
had shown that over 82-84% of the time and it would have been a waste in
DATA overhead.
I also feel that is why DKIM is having a hard time - SPF did a lot of
damage to its purpose in life.
In any case, we are not doing any REJECT/PASS handling based on DKIM
yet, but I am going to try turning off SPF for my domains and see if I
get the expected 100% "would-be" rejects based on DKIM and my ADSP
policies.
--
Hector Santos, CTO
http://www.santronics.com
http://santronics.blogspot.com
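
An added example, not part of the original message or the author's setup: a minimal sketch of the RFC 5617 ADSP decision at the DATA stage that the message describes, keyed on the 5322.From domain rather than the envelope MAIL FROM that SPF checks. The example.com/example.net names, the records and the `data_stage_action` policy mapping are constructed assumptions; ATPS and ACL handling are not modelled.

```python
import re

def parse_adsp(txt):
    """Return the dkim= practice from an ADSP TXT record, or None if absent/unusable."""
    if not txt:
        return None
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip().lower()
    practice = tags.get("dkim")
    return practice if practice in ("unknown", "all", "discardable") else None

def author_domain(from_header):
    """Extract the domain of the (single) address in a From: header value."""
    m = re.search(r"@([A-Za-z0-9.-]+)>?\s*$", from_header.strip())
    return m.group(1).lower() if m else None

def adsp_evaluate(from_header, valid_signer_domains, adsp_txt_by_domain):
    """Return an RFC 5617 ADSP result: pass, none, unknown, fail or discard.

    valid_signer_domains: d= values of signatures that already verified.
    adsp_txt_by_domain: stand-in for the _adsp._domainkey.<domain> TXT lookup.
    """
    domain = author_domain(from_header)
    if domain is None:
        return "none"
    # Only a valid signature whose d= equals the author domain counts;
    # a valid third-party signature does not satisfy ADSP.
    if domain in {d.lower() for d in valid_signer_domains}:
        return "pass"
    practice = parse_adsp(adsp_txt_by_domain.get(domain))
    if practice is None:
        return "none"
    return {"all": "fail", "discardable": "discard", "unknown": "unknown"}[practice]

def data_stage_action(adsp_result):
    """Hypothetical local policy: refuse at DATA on fail/discard, else accept."""
    return "reject" if adsp_result in ("fail", "discard") else "accept"

if __name__ == "__main__":
    records = {"example.com": "dkim=discardable"}   # constructed record
    for hdr, signers in [("Sales <sales@example.com>", []),
                         ("Sales <sales@example.com>", ["esp.example.net"]),
                         ("Sales <sales@example.com>", ["example.com"])]:
        result = adsp_evaluate(hdr, signers, records)
        print(hdr, signers, result, data_stage_action(result))
```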