spf-discuss
[Top] [All Lists]

Re: [spf-discuss] Domain keys , can it complement SPF

2007-05-24 10:39:29
Scott Kitterman wrote:
On Thursday 24 May 2007 01:03, ram wrote:
  
Hi,
  I have been using SPF with spamassasin for my mailservers.
Unfortunately far too many domains do not put up SPF records. In order
to combat forged spams I plan to implement Domain keys too ( perl DK
plugin for SA)
Personally I dont see too much value in DK but I am surprised quiet a
few people do use DK

http://news.com.com/2100-1029_3-6185904.html


Anyone of you using SPF and DK together. What are the problems I should
look out for ? Or is DK going to give me any real improvement
    

DKIM should give you some improvement in autentication reliability if
you receive any mail through a forwarder.  For legacy reasons, much of
my home email is forwarded from my college alumni address; all of these
messages have broken SPF but would potentially pass DKIM if they were
signed.

    
The only way DK/DKIM is really going to be useful to you, I think, is if a 
domain asserts that it signs all messages throught the DK (or as yet 
unwritten) DKIM policy components.  AFAIK, none do.
  

We see some domains using the DK policy mechanism, but it's not useful
for us because we're verifying DKIM and not DK.  But it is true that SPF
includes a policy mechanism that is currently lacking from DKIM.
I've not looked into the Spamassassin implementation, but I'd imagine tagging 
messages from known signers such as Yahoo! that didn't have a signature might 
be useful.
  

I haven't looked into the Spamassassin implementation either, but a
useful capability would be to allow creation of a local whitelist of
known reliable domains.  If messages coming from one of these domains is
authenticated (using whatever technology), give it a positive score or
bypass content filtering entirely.  This doesn't require the use of any
policy mechanism, and helps with the false positives problem.

-Jim

-------------------------------------------
-----------------------------------------------------------------------
Sender Policy Framework: http://www.openspf.org/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to http://v2.listbox.com/member/?list_id=735
Powered by Listbox: http://www.listbox.com