[anti-spam-wg] DKIM spoofing (was: RIPE 51 anti-spam WG minutes)
From: Walter Ian Kaye <>
Date: Mon, 12 Dec 2005 23:33:18 -0800
At 04:16p +0000 12/07/2005, Rodney Tillotson didst inscribe upon an
C. Technical measures
DKIM Domain Keys Identified Mail
Patrik Fˆ£ltstrˆµm gave a presentation on DKIM status and technology.
Patrik Fˆ£ltstrˆµm: No, I think it is going to work!
At Cisco they notice that about 10% of messages are signed.
There are a number of DKIM-aware tools: Sun Mail, Yahoo!, Cisco,
I've been seeing faked domain key/SPF headers (what a surprise). Excerpt:
Received: from natural-innovations.com ([220.127.116.11])
I've also seen fake Habeas headers. What good are these things if
they're just going to get spoofed anyway?
Received-SPF: pass (go.com: domain of xlm@localhost
designates 18.104.22.168 as permitted sender
X-Accept-Language: en-us, en