Experience with DKIM signatures and DCC

John Levine johnl@iecc.com
Sun Apr 20 16:57:13 UTC 2008


> That might make it easier to use whitelists, but it does nothing
> to solve the real problem, creating and maintaining those whitelists.

Quite right.  There are outfits working on creating whitelists, several of 
which are DAC members.

> That gets back to the conflict of interest problem.  Practically the
> only sources of operating revenue for mail sender rating organizations
> are senders of email.  Practically the only email senders willing to
> pay for a rating are those with natural reputations that need improvement.
> Consider the history of consumer goods ratings organizations.  However, if
> you like the idea, consider Habeas or Ironport.

Also Return Path, Goodmail, and perhaps Trend Micro.

They all do indeed have to skate a thin line, listing people who are 
willing to pay, but not ones whose mailing practices are bad enough that 
the whitelist increases the amount of spam you get.

> Would you trust that FDIC insurance implies an incoming mail message 
> with a valid DKIM signature is a bank statement instead of an 
> unsolicited bulk offer for a free credit card or brokerage services?

No, but I'd trust that it was actual mail from a bank rather than a phish.

> Such a mechanism might reduce phishing, but phishing has never been
> the majority of the spam problem.  Besides, judging from the little
> spam I see, the phishing problem is much improved in the last several
> months.

You must be lucky.  I'd say about a third of the spam that gets through 
the DNSBLs and is caught by spamassassin is phishes.

R's,
John


