DKIM signatures with DCC

Earl Killian earl@killian.com
Tue Oct 27 22:09:48 UTC 2009


DNSWL is a "white list", not a blacklist. I thought that was what you  
were looking for. I use both ZEN and DNSWL. Anything in DNSWL with a  
trustworthiness of "high" gets to skip greylisting for example.

I also use a couple of RHSBLs (they say whether the sender name (not  
IP)) is blacklisted. You would reject even DKIM validated sites if  
they were in the RHSBL.

I actually use SPF rather than DKIM, and I see lots of rejections from  
that. I have not investigated how to use DKIM. I guess I will look for  
a HOWTO.

-Earl

On Oct 27, 2009, at 1:36 PM, Gary Mills wrote:

> On Mon, Oct 26, 2009 at 08:44:23PM -0700, Earl Killian wrote:
>> What about using DNSWL on the IP address? They have none, low, med,
>> high trustworthiness levels.
>
> We do subscribe to Spamhaus' DNS-based blocklist.  They are
> invaluable, and integrate nicely with DCC.  Most of our rejections
> are based on their ZEN database now.  However, nothing compares
> with cryptographic signatures like DKIM.  These prevent forgeries.
> That's why we would like to make increased use of DKIM.
>
> -- 
> -Gary Mills-        -Unix Group-        -Computer and Network  
> Services-




More information about the DCC mailing list

Contact vjs@rhyolite.com by mail or use the form.