Experience with DKIM signatures and DCC

Gary Mills mills@cc.umanitoba.ca
Sat Mar 29 18:21:57 UTC 2008


On Sat, Mar 29, 2008 at 04:59:45PM +0000, Vernon Schryver wrote:
> > From: Gary Mills <mills@cc.umanitoba.ca>
> 
> > SPAM reputation is critical in this game.  In most cases, I can't even
> > guess which domains have a good reputation and which don't.  I
> > certainly can't investigate all of them.  I've only found one bank so
> > far that uses DKIM signatures.  A reputation database is the missing
> > ingredient.  In terms of procedure, I'd need to begin with the
> > Authentication-Results log lines or headers, determine the owner of
> > the domain, and then look up the reputation of the owner.  Is any sort
> > of reputation database available now?  Soon?
> 
> Instead of only whitelisting by DKIM success,
> why not also blacklist by DKIM failure or IP address reputation?

The most common reason for DKIM signature failure happens when a
message from a @gmail.com user, with a valid signature, is submitted
to a mailing list and subsequently distributed to the subscribers.
In this case, signature validation correctly fails because another
domain has taken responsibility for the message.

> There are now many IP address reputation schemes in addition to classic
> DNSBLs.  Some are Commtouch's, Ciphertrust's, and DCC Reputations.
> Commtouch's can be queried as if it were a DNSBL.  DCC Reputations are
> built into the commercial DCC code.  A lot of phishing can be blocked
> by using Spamhaus' ZEN DNSBL, which includes Spamhaus' PBL.  I think
> DCC Reputations and Spamhaus' ZEN are cheapest of those.  Spamhaus's ZEN
> has very few false positives and generally can be used without local
> whitelists.  Umanitoba.ca's traffic is non-commercial and might be low
> enough to qualify for free access to Spamhaus' ZEN.  See
> http://www.spamhaus.org/organization/dnsblusage.html

We are using Spamhaus' XBL, and are happy to pay for it.  What I'm
looking for now is something that rates domain names by reputation.
Spamhaus was working on such a database, but I haven't heard anything
about that for some time.  My main concern is to stop the phishing
messages that rely on forged sender addresses.

-- 
-Gary Mills-    -Unix Support-    -U of M Academic Computing and Networking-
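
Added example, not part of the original message or of the DCC code: a sketch of the procedure discussed in this thread, starting from the Authentication-Results headers, taking the signing domain, and looking it up in a reputation table, while treating a signature broken by a mailing list as no signal rather than as grounds for blacklisting. It assumes the RFC 8601 header syntax (`dkim=`, `header.d`, `header.i`); the authserv-id `mx.example.org`, the `REPUTATION` table and the sample messages are constructed for illustration.

```python
import re
from email import message_from_string

# Hypothetical local table; the thread notes no public domain-reputation
# database existed, so these entries are constructed for the example.
REPUTATION = {"bank.example": "good", "bulk.example": "bad"}
_DKIM = re.compile(r"\bdkim\s*=\s*(\w+)", re.I)
_DOMAIN = re.compile(r"\bheader\.[di]\s*=\s*(\S+)", re.I)

def dkim_results(msg, authserv_id):
    """Yield (result, signing_domain) from headers our own verifier added.
    Headers naming any other authserv-id may be forged and are skipped."""
    for value in msg.get_all("Authentication-Results", []):
        parts = [p.strip() for p in value.split(";")]
        if parts[0].split()[:1] != [authserv_id]:
            continue
        for part in parts[1:]:
            res, dom = _DKIM.search(part), _DOMAIN.search(part)
            if res:
                domain = dom.group(1).rsplit("@", 1)[-1].lower() if dom else ""
                yield res.group(1).lower(), domain

def classify(raw, authserv_id="mx.example.org", reputation=REPUTATION):
    """Map one message to a verdict string for logging or scoring."""
    msg = message_from_string(raw)
    results = list(dkim_results(msg, authserv_id))
    for result, domain in results:
        if result == "pass":
            return f"signed:{domain}:{reputation.get(domain, 'unknown')}"
    if any(result == "fail" for result, _ in results):
        # List-Id is sender-controlled, so a list-broken signature is only
        # "no signal": it is neither whitelisted nor blacklisted here.
        return "broken-by-list" if msg["List-Id"] else "dkim-fail"
    return "unsigned"

# Constructed sample messages (not taken from the thread).
HDR = "Authentication-Results: "
SAMPLES = {
    "bank": HDR + "mx.example.org; dkim=pass header.d=bank.example\n\nhi\n",
    "list": HDR + "mx.example.org; dkim=fail header.i=@gmail.com\n"
            "List-Id: <dcc.example>\n\nhi\n",
    "forged": HDR + "mx.other.example; dkim=pass header.d=bank.example\n\nhi\n",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, classify(raw))
```

The "forged" sample shows why only results stamped with the local authserv-id are trusted: a sender can prepend its own Authentication-Results header claiming a pass.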


