Experience with DKIM signatures and DCC

Vernon Schryver vjs@calcite.rhyolite.com
Sat Mar 29 16:59:45 UTC 2008


> From: Gary Mills <mills@cc.umanitoba.ca>

> SPAM reputation is critical in this game.  In most cases, I can't even
> guess which domains have a good reputation and which don't.  I
> certainly can't investigate all of them.  I've only found one bank so
> far that uses DKIM signatures.  A reputation database is the missing
> ingredient.  In terms of procedure, I'd need to begin with the
> Authentication-Results log lines or headers, determine the owner of
> the domain, and then look up the reputation of the owner.  Is any sort
> of reputation database available now?  Soon?

Instead of only whitelisting by DKIM success,
why not also blacklist by DKIM failure or IP address reputation?

There are now many IP address reputation schemes in addition to classic
DNSBLs.  Some are Commtouch's, Ciphertrust's, and DCC Reputations.
Commtouch's can be queried as if it were a DNSBL.  DCC Reputations are
built into the commercial DCC code.  A lot of phishing can be blocked
by using Spamhaus' ZEN DNSBL, which includes Spamhaus' PBL.  I think
DCC Reputations and Spamhaus' ZEN are cheapest of those Spamhaus's ZEN
has very few false positives and generally can be used without local
whitelists.  Umanitoba.ca's traffic is non-commercial and might be low
enough to qualify for free access to Spamhaus' ZEN.  See
http://www.spamhaus.org/organization/dnsblusage.html


Vernon Schryver    vjs@rhyolite.com



More information about the DCC mailing list

Contact vjs@rhyolite.com by mail or use the form.