Mark Martinec writes: > Alexis, > > > I enabled the DK/DKIM plugins in my SA 3.1.7 setup and I see that the > > default scores for their tests are negligible, presumably because > > they're still a bit experimental. > > > > Is anyone using these and can suggest appropriate scores for these > > plugins, or are these really just too unripe for serious use at the > > moment? > > One thing worth noting first: the current verision 0.22 of Mail::DKIM > handles both the DKIM as well as older DomainKeys signatures, > and is better maintained and more optimal than Mail::DomainKeys. > This means that one can now safely disable the SA plugin for > DomainKeys and just keep the DKIM plugin, it will cover for both.
Well, that's handy -- so it does! Still a little poorly documented, though -- the POD docs don't mention it, just the http://jason.long.name/dkimproxy/ web site ;) > Next, the most important role for DKIM/DK is to be able to safely > whitelist sender domains, or to penalize somewhat the mail claiming > to be coming from domains that are known to be signing all mail > (like yahoo and gmail.com), but do not bear a valid sigature. > I say 'somewhat' because some mailing list also corrupt signatures, > and some people use gmail/yahoo sending address even when posting > through some other ISP. Before this practice is rooted out, > one should probably not score invalid signature from these > two domains too harshly. Yes -- this is why currently we're only providing negative points for valid sigs, and not providing positive points in the other direction... > Regarding scoring of a mere presence of a valid signature, this is > not a good indication of spam/ham. +1. --j.
