Re: Checking for SPF & DKIM Checks
> > Yes. It's also pointless imho to ise DomainKeys and DKIM both, DKIM is[color=blue][color=green]
> > preferred afaik.[/color]
> Well, I have them both to for when other people use one or the other;
> currently I'm not using either on outbound.[/color]
It is pointless to use DomainKeys SA plugin when a DKIM plugin is in use.
The DKIM plugin checks both the DKIM as well as DomainKeys signatures.
Just make sure to use a fairly recent version of Mail::DKIM module,
the 0.32 is ok.
> > I strongly advise you to remove that customisation and let other rules do
> > their job. Otherwise you'll get flooded by spammers who DKIM-sign their
> > spam.[/color][/color]
Agreed. Many spammers use short-lived domains and sign their spam with DKIM.
I suspect that more will do so in the future. It is essential that domain
reputation in one way or another enters the SpamAssassin score, either in
a form of hand-crafted rules for popular domains like gmail.com or yahoo.com
or paypal.com, or with some automation, like the optional signing-domain
-based AWL in current SA 3.3 (cvs), or by the use of emerging reputation
Collecting average score from AWL database on DKIM- (or DK)-signed mail only
for the last month or two, I see 925 different domains signing their mail.
Of these domains about half of them have an average spam score below 5.
But, one third of signing domains achieve an average score above 15.3 !!!
Among these there are some high-rate spam-spewing domains like
FreeLotto.com, webglobaldomain.com, thedailyinfo.info, yahoo.cn, yahoo.in.
It clearly indicates that a mere presence of a valid DKIM/DK signature
is a weak indication of spam or ham, but combined with a domain name
it can contribute valuable score points.
For example, average spam score of mail with a From address
in gmail.com shows:
average score = -2.8 for mail with valid gmail.com DKIM signature;
average score = 10.8 for mail without a valid signature
and similarly for yahoo.com:
average score = -0.7 for mail with valid yahoo.com DK signature;
average score = 29.5 for mail without a valid signature
In the SA cvs tree under rulesrc/sandbox/mmartinec/ I keep
three .cf files that I'm using, which assign a couple of score
points for mail claiming to be from gmail, yahoo, ebay and paypal,
but is not. On the other hand, DKIM-based whitelist protects
valid mail from trustworthy domains:
25_dkim.cf, 25_yg.cf, 60_whitelist_dkim.cf