Tue Oct 27 01:44:09 UTC 2009
Vernon, are you going to answer?

"Gary Mills" <email@example.com> writes:

> I've been using DCC to whitelist messages by DKIM signature for some
> time now, and have been quite pleased with the results. I keep the
> sendmail headers in a separate file that's included into the
> `whiteclnt' file. They look like this:
>
>   ok substitute Authentication-Results electra.cc.umanitoba.ca; dkim=pass (1024-bit key) firstname.lastname@example.org
>   ok substitute Authentication-Results electra.cc.umanitoba.ca; dkim=pass (1024-bit key) email@example.com
>
> DKIM signature validation is extremely useful for spam control because
> it prevents forgeries. Any signed and validated message from
> USER@alert.bankofamerica.com is guaranteed to come from that
> organization. Forged messages from the same address will not pass
> validation, even if they are DKIM-signed. This is a great advance.
> It eliminates all the spam that comes from herds of compromised home
> computers. This is especially important for phishing attempts.
>
> Unfortunately, the presence of a valid DKIM signature does not
> indicate that the message is not spam. It only indicates that the
> sending domain employs DKIM signatures. E-mail marketing companies,
> each with thousands of domain names, are signing their messages in
> hopes that they will appear more legitimate. This means that there's
> no way to tell from the domain name itself if an organization does not
> send spam, like a bank or a university, or if they are one of those
> marketeers.
>
> So far, I've only accumulated twelve domain names that I trust not to
> send spam. This number has to be greatly expanded to make DKIM
> signatures truly useful. How can we do this? The usual answer seems
> to be a reputation database of domain names, but I've still not found
> such a thing. I'm certainly willing to pay for it. This is the
> missing piece in the puzzle.
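
The whitelisting decision described in the quoted message, as an added Python example (not part of the original post and not DCC's own code): a message is whitelisted only when the Authentication-Results header was written by your own verifier, reports dkim=pass, and names a domain on your trusted list. The hostname `mx.example.net`, the domain list, the helper names and the sample headers are constructed assumptions.

```python
import re
from email import message_from_string

TRUSTED_AUTHSERV_ID = "mx.example.net"  # assumption: hostname our own verifier writes
TRUSTED_DOMAINS = {"bank.example", "university.example"}  # constructed allowlist

# Signing identity as header.i=[user]@domain or header.d=domain
_IDENTITY = re.compile(r"\bheader\.[id]=(?:[^\s@]*@)?([a-z0-9.-]+)", re.I)

def dkim_whitelisted(raw_message):
    """True only if our verifier recorded dkim=pass for an allowlisted domain."""
    msg = message_from_string(raw_message)
    for value in msg.get_all("Authentication-Results", []):
        value = re.sub(r"\([^()]*\)", " ", value)  # drop comments like (1024-bit key)
        authserv, _, results = " ".join(value.split()).partition(";")
        fields = authserv.split()
        if not fields or fields[0].lower() != TRUSTED_AUTHSERV_ID:
            continue  # header written by another host, possibly the sender itself
        for resinfo in results.split(";"):
            resinfo = resinfo.strip()
            if not re.match(r"dkim=pass(\s|$)", resinfo, re.I):
                continue  # dkim=fail, spf=..., and so on never whitelist
            m = _IDENTITY.search(resinfo)
            # Exact domain match; subdomains must be listed explicitly.
            if m and m.group(1).lower().rstrip(".") in TRUSTED_DOMAINS:
                return True
    return False

def make_msg(*auth_results):
    """Build a constructed test message carrying the given header values."""
    headers = "".join(f"Authentication-Results: {v}\n" for v in auth_results)
    return headers + "From: sender@bank.example\nSubject: test\n\nbody\n"

# Constructed samples: trusted signer, bulk mailer, forged header, failed check
GOOD = make_msg("mx.example.net; dkim=pass (1024-bit key)\n header.i=@bank.example")
MARKETER = make_msg("mx.example.net; dkim=pass header.i=@bulk-mailer.example")
FORGED = make_msg("mail.sender.example; dkim=pass header.i=@bank.example")
FAILED = make_msg("mx.example.net; dkim=fail (bad signature) header.i=@bank.example")

if __name__ == "__main__":
    for name in ("GOOD", "MARKETER", "FORGED", "FAILED"):
        print(name, dkim_whitelisted(globals()[name]))
```

The `FORGED` case only stays safe if the receiving MTA also removes or ignores incoming Authentication-Results headers that claim its own hostname.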