[Spambayes] Yahoo's "domain keys" and spam

Ryan Malayter rmalayter at bai.org
Wed Dec 10 09:18:24 EST 2003

> From: Tim Stone [mailto:tim at fourstonesExpressions.com] 
> Seems to me that spambayes will see the message only after 
> its sender has been authenticated.  We *may* want to ignore 
> that header, if it's present, for clue purposes, but we don't 
> need to perform this authentication.  The fact that we are 
> seeing a mail at all means that the MTA has already done it.

Well, not always. As the service ramps up - which will probably take a
few years - a large portion of ISPs and organizational gateways are
going to accept mail without checking this doamain signature. If
SpamBayes can validate it, it will help out any SB users until their
ISPs or companies get on board.

The code for signature validation (which I assume will be based on
OpenPGP or something similar) is being given to the open-source mail MTA
projects by Yahoo, and presuably will be GPL or OpenBSD licensed. We
could use that code as a basis for whatever gets put into SpamBayes.

An interesting side effect of this will be that SpamBayes will create a
"level of trust" for sending domains based upon how much spam they send.
For example, a "Validated-Domain-Sig:python.org" token might have a very
low spam probability, while a
"Validated-Domain-Sig:super-mail-promotions.biz" will have a very high
spam probability.

Since the sending domain (and recipient, subject, time, message-ID,
etc.) will be cryptographically verified, couldn't this someday someday
becomes the "ultimate" SpamBayes token, one that statistically trumps
all others in the message?


More information about the Spambayes mailing list