
--On 8 October 2009 00:21:08 +1100 Daniel Black <daniel@cacert.org> wrote:
That last paragraph makes the job of reputation assignment harder where mailing lists are concerned - but that's to be expected. The whole point of DKIM, as far as I'm concerned, is to allow more sophisticated assessment and assignment of reputation scores. Though it can contribute to reputation scores this is taking a strong cryptographic signature method and contributing it towards a spam score. This only goes so far defeating some forms of phishing.
DKIM helps you determine whether an email really was sent by the purported sending domain. If it wasn't, that's bad. If it was, that doesn't mean it's good, but it does allow you to check the sending domain (or sender) against your reputation database, and to modify your view of the sender's reputation based on the current email.
Currently, all we really have that's useful for reputation assignment are content (too complex) and IP source (too often shared between good and bad senders). I'm not saying they're not useful, and there are even some sender addresses that you can blacklist.
Without DKIM and SPF, you can't really build a reputation infrastructure for sender addresses, because for most spam you're checking or modifying the reputation of an innocent third party.
--
Ian Eiloart
IT Services, University of Sussex
01273-873148 x3148
For new support requests, see http://www.sussex.ac.uk/its/help/
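
An added illustration of the argument in the message above (not code from the original post or from any DKIM implementation): reputation is keyed on the DKIM-verified signing domain, so unauthenticated mail that merely claims a domain neither credits nor blames it. The trusted authserv-id `mx.example.net`, the function and class names, and the sample messages are assumptions constructed for this example.

```python
import re
from collections import defaultdict
from email import message_from_string

TRUSTED_AUTHSERV = "mx.example.net"  # assumption: our own verifying MTA

def dkim_domain(raw):
    """Return the d= domain of a passing DKIM result, or None."""
    msg = message_from_string(raw)
    for value in msg.get_all("Authentication-Results", []):
        authserv, _, results = value.partition(";")
        if authserv.lower().split()[:1] != [TRUSTED_AUTHSERV]:
            continue  # not stamped by our MTA, so the sender could have forged it
        for result in results.split(";"):
            if re.search(r"\bdkim\s*=\s*pass\b", result, re.I):
                m = re.search(r"\bheader\.d\s*=\s*([\w.-]+)", result, re.I)
                if m:
                    return m.group(1).lower()
    return None

class Reputation:
    """Per-domain score that only ever moves on authenticated mail."""
    def __init__(self):
        self.score = defaultdict(int)

    def record(self, raw, is_spam):
        domain = dkim_domain(raw)
        if domain is None:
            return None  # unauthenticated: no domain to credit or blame
        self.score[domain] += -1 if is_spam else 1
        return domain

# Constructed sample messages (not real traffic).
SIGNED_HAM = ("Authentication-Results: mx.example.net; dkim=pass header.d=example.org\n"
              "From: alice@example.org\n\nhello\n")
SPOOFED_SPAM = ("Authentication-Results: mx.example.net; dkim=none\n"
                "From: alice@example.org\n\nbuy now\n")
FORGED_HEADER = ("Authentication-Results: other.example; dkim=pass header.d=example.org\n"
                 "From: alice@example.org\n\nbuy now\n")

if __name__ == "__main__":
    rep = Reputation()
    for raw, spam in [(SIGNED_HAM, False), (SPOOFED_SPAM, True), (FORGED_HEADER, True)]:
        print(rep.record(raw, spam), dict(rep.score))
```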