[anti-spam-wg] DKIM spoofing (was: RIPE 51 anti-spam WG minutes)


At 04:16p +0000 12/07/2005, Rodney Tillotson didst inscribe upon an electronic papyrus:

C. Technical measures

DKIM Domain Keys Identified Mail
http://mipassoc.org/dkim/

Patrik Fltstrm gave a presentation on DKIM status and technology.
http://www.ripe.net/ripe/meetings/ripe-51/presentations/pdf/dkim.pdf

Patrik Fltstrm: No, I think it is going to work!
At Cisco they notice that about 10% of messages are signed.
There are a number of DKIM-aware tools: Sun Mail, Yahoo!, Cisco,
SpamAssassin.
I've been seeing faked domain key/SPF headers (what a surprise). Excerpt:

Received: from natural-innovations.com ([220.112.86.252])
X-Gmail-Received: 2atq6t6218l0215v27be90z95a641f3r8wqu8302y6
Received-SPF: pass (go.com: domain of xlm@localhost designates 220.112.86.252 as permitted sender
List-ID: <germane.go.com>
Precedence: bulk
X-Mailer: PHP
X-Accept-Language: en-us, en
To: xlm@localhost
Subject: Request.
I've also seen fake Habeas headers. What good are these things if they're just going to get spoofed anyway?