On Tue, 2008-12-09 at 12:40 -0700, LuKreme wrote: > Checking my SPAM folder it seems that a LOT of spam gets DKIM_VERIFIED > > So it looks like the only usefulness of DKIM for spam checking is > really for the big mailers like gmail, paypal, ebay, etc?
The usefulness of SPF, DKIM and related technologies is for detecting *forgeries*. Its relation to spam checking is indirect at best, and is primarily for reliable whitelisting. If you know a domain or user does not send spam, and they prove the authenticity of their mail using one of these methods, then you can do a couple of things: whitelist any authenticated mail from that domain/user, and discard any unauthenticated mail from that domain/user. Paypal and banks are the canonical examples, to combat phishing. If the trustworthiness (from a spam perspective) of a domain is unknown (e.g. gmail, yahoo, and other freemail services), then knowing that a sender who claims to be from that domain is actually sending mail via that domain's servers is of limited usefulness. -- John Hardin KA7OHZ http://www.impsec.org/~jhardin/ [EMAIL PROTECTED] FALaholic #11174 pgpk -a [EMAIL PROTECTED] key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79 ----------------------------------------------------------------------- You do not examine legislation in the light of the benefits it will convey if properly administered, but in the light of the wrongs it would do and the harms it would cause if improperly administered. -- Lyndon B. Johnson ----------------------------------------------------------------------- 6 days until Bill of Rights day
