Re: Whitelisting DKIM-signed domains

2017-10-08 Thread Matthias Leisi
> I assume that eventually this DNS query would respond with high trust: > > # dig alertsp.chase.com.dwl.dnswl.org I wondered why this query suddenly appeared from dozens and dozens of sources in the log :) That is a good example, in that it shows one point to discuss: subdomains. At least i

Re: Whitelisting DKIM-signed domains

2017-10-08 Thread David Jones
On 10/08/2017 08:42 AM, Rupert Gallagher wrote: You are blinded by your purpose. On Sun, Oct 8, 2017 at 9:45 AM, Matthias Leisi > wrote: > Am 08.10.2017 um 00:55 schrieb Rupert Gallagher : > > Whitelisting DKIM-signed domains is a bad idea for at least two reasons:

Re: Whitelisting DKIM-signed domains

2017-10-08 Thread Rupert Gallagher
You are blinded by your purpose. On Sun, Oct 8, 2017 at 9:45 AM, Matthias Leisi wrote: >> Am 08.10.2017 um 00:55 schrieb Rupert Gallagher : > > Whitelisting >> DKIM-signed domains is a bad idea for at least two reasons: mass-mailing >> services, and spammers who send from real addresses of peo

Re: Whitelisting DKIM-signed domains

2017-10-08 Thread Ralph Seichter
On 08.10.17 11:55, Matthias Leisi wrote: > If the DKIM signature does not validate, the rules do not fire. My bad, I had missed the sentence "Askdns rules awaiting for a tag which never receives its value never result in a DNS query" in http://search.cpan.org/dist/Mail-SpamAssassin/lib/Mail/SpamA

Re: Whitelisting DKIM-signed domains

2017-10-08 Thread Matthias Leisi
> I have a primary and several secondary domains tied to a DNSWL ID. All Currently, all domains in a given DNSWL Id share the same trust score. This may change over time, but we want to get some experience first. As a starting point, the trust of the domains is derived from the trust in the IPs

Re: Whitelisting DKIM-signed domains

2017-10-08 Thread Ralph Seichter
On 07.10.17 23:41, Matthias Leisi wrote: > More details are here https://www.dnswl.org/?p=311 Since the blog did not explain it, I'm asking here: I have a primary and several secondary domains tied to a DNSWL ID. All of these domains can be used to send emails to public mailing lists. Some maili

Re: Whitelisting DKIM-signed domains

2017-10-08 Thread Matthias Leisi
> Am 08.10.2017 um 01:01 schrieb Benny Pedersen : > > so report spam to dnswl ? That’s always very welcome :) This was recently updated and included in the self service. If logged in on https://www.dnswl.org/selfservice/ you’ll see a section labelled „Spam Reporting“. Simple emails to admins

Re: Whitelisting DKIM-signed domains

2017-10-08 Thread Matthias Leisi
> Am 08.10.2017 um 00:55 schrieb Rupert Gallagher : > > Whitelisting DKIM-signed domains is a bad idea for at least two reasons: > mass-mailing services, and spammers who send from real addresses of people > whose passwords were easy to guess. This is not whitelisting any and all DKIM-signed