Re: [anti-spam-wg] DKIM spoofing (was: RIPE 51 anti-spam WG minutes)

  • To: Walter Ian Kaye
  • From: Markus Stumpf
  • Date: Tue, 13 Dec 2005 21:16:31 +0100
  • Comment: DomainKeys? See http://antispam.yahoo.com/domainkeys
  • Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=testkey; d=space.net; b=ix8ID8yRH4/LxXzOnZ1HdCzxKNhrKTLztFMV4/htOCM/dSR46GB3ZUO2nLtmIs9U ;
  • Organization: SpaceNet AG, Muenchen, Germany

On Mon, Dec 12, 2005 at 11:33:18PM -0800, Walter Ian Kaye wrote:
> >X-Gmail-Received: 2atq6t6218l0215v27be90z95a641f3r8wqu8302y6
> >Received-SPF: pass (go.com: domain of xlm@localhost 
> >designates 220.112.86.252 as permitted sender

Neither SPF nor DKIM are really "antispam" mechanisms. They are trust
building mechanisms. The trust is that the sender did not fake e.g. the
domain name. What stays are problems with en masse throwaway domains.
This is what you need an accreditation system for.

I cannot (as of now) check whether the Received-SPF: header was correct
at the time inserted or not. Currently I can see no SPF records for
natural-innovations.com at all.

IMHO it is a bad idea to base a system on the addition of "this looks
good" headers. It takes a lot of work to check the headers and remove
faked "this looks good" headers on the border mailservers, but everyone
adds them just "to look better".
The correct way would be to only add "this looks bad" headers. No one
will add them unsolicited, because they don't help to look better, and
that is the goal of faking them.

We add X-RBL-Listed type of headers to tag mails to our customers. No
spammer would add them voluntarily for obvious reasons.

	\Maex

-- 
SpaceNet AG            | Joseph-Dollinger-Bogen 14 | Fon: +49 (89) 32356-0
Research & Development |       D-80807 Muenchen    | Fax: +49 (89) 32356-299
"The security, stability and reliability of a computer system is reciprocally
 proportional to the amount of vacuity between the ears of the admin"
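
An added illustration of the border handling discussed in the message above (not part of the original post and not SpaceNet's code): a border relay drops any sender-supplied verdict headers and then adds only its own negative tag. The function name, the header list, the `rbl_zones_hit` parameter and the sample message are assumptions of this example; the RBL lookup itself is assumed to happen elsewhere.

```python
from email import message_from_string
from email.policy import default

# Verdict headers a sender could forge to "look better" (assumed list).
POSITIVE_HEADERS = ("Received-SPF", "Authentication-Results")
# Negative tag added by our own border; name taken from the post's
# "X-RBL-Listed type of headers".
NEGATIVE_HEADER = "X-RBL-Listed"

# Constructed sample: an inbound message that arrives already carrying
# a "pass" verdict and a bogus RBL tag that our border never wrote.
SAMPLE = (
    "Received-SPF: pass (mx.example.org: domain of a@example.com\n"
    " designates 192.0.2.1 as permitted sender)\n"
    "X-RBL-Listed: none\n"
    "From: a@example.com\n"
    "Subject: hello\n"
    "\n"
    "body\n"
)


def sanitize_at_border(raw, rbl_zones_hit):
    """Strip untrusted verdict headers, then tag with our own RBL hits.

    raw           -- message text as received from the remote side
    rbl_zones_hit -- zones in which our own lookup found the sending IP
    Returns (message, removed), where removed lists the (name, value)
    pairs that were present on arrival and therefore not written by us.
    """
    msg = message_from_string(raw, policy=default)
    removed = []
    for name in POSITIVE_HEADERS + (NEGATIVE_HEADER,):
        for value in msg.get_all(name, []):
            removed.append((name, str(value)))
        del msg[name]  # removes every occurrence, no error if absent
    for zone in rbl_zones_hit:
        msg[NEGATIVE_HEADER] = zone  # one header per zone that listed the IP
    return msg, removed


if __name__ == "__main__":
    cleaned, dropped = sanitize_at_border(SAMPLE, ["rbl.example.net"])
    print("dropped on arrival:", dropped)
    print(cleaned.as_string())
```
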