DKIM signatures with DCC

Vernon Schryver vjs@calcite.rhyolite.com
Tue Oct 27 03:30:12 UTC 2009


> From: "Chris Aseltine" <ophidian@newsnation.com>

> Vernon are you going to answer?
>
> "Gary Mills" <mills@cc.umanitoba.ca> writes:
>
> > I've been using DCC to whitelist messages by DKIM signature for some
> > time now, and have been quite pleased with the results.  I keep the

> > Unfortunately, the presence of a valid DKIM signature does not
> > indicate that the message is not spam.  It only indicates that the
> > sending domain employs DKIM signatures.  E-mail marketing companies,
> > each with thousands of domain names, are signing their messages in

> > So far, I've only accumulated twelve domain names that I trust not to
> > send spam.  This number has to be greatly expanded to make DKIM
> > signatures truely useful.  How can we do this?  The usual answer seems
> > to be a reputation database of domain names, but I've still not found
> > such a thing.  I'm certainly willing to pay for it.  This is the
> > missing piece in the puzzle.

My answer is a useless rant about the lack of profit in selling genuine
honestly-really-never-sends-spam reputations.

If email reputations could work without manual whitelisting, then
consumer and business credit ratings would be used for detecting
good risks instead of avoiding bad risks.  In the real world, people
and businesses with excellent credit don't advertise it or even hide it
(e.g. by locking their credit bureau reports).  It's the others who
jump through hoops like maintaining several active credit cards all
below limit or blabbing all kinds of company confidential information
to any phone caller that claims to be from D&B.

Reputations are not fungible or even transitive.  Real reputations are
individual, and that implies that each user must decide which senders
(and so DKIM or other headers) are sending solicited or tolerated bulk
email.  Users who can't be bothered to make their own decisions should
be encouraged to use Microsoft or Google, which my tests imply blacklist
all mail except from senders who've done the equivalent of hiring help to
improve their FICO credit scores.

Even Microsoft and Google require users to help.  You can see that by
subscribing a Hotmail or Google mailbox to this mailing list and noticing
that it will go to your spam folder until you whitelist it.  (You'd
have to confirm the subscription by sending the key from somewhere other
than those two continuing sources of unsolicited bulk email or getting
me to whitelist the mailbox.)


Vernon Schryver    vjs@rhyolite.com



More information about the DCC mailing list

Contact vjs@rhyolite.com by mail or use the form.