[ietf-dkim] Not exactly not a threat analysis
SM
sm at resistor.net
Wed Aug 24 14:19:09 PDT 2005
Hi Arvel,
At 12:56 24-08-2005, Arvel Hathcock wrote:
>I agree. At present, the mere existance of a valid signature does
>not get you much in my MTA (a slightly positive value added to the
>spam filter score is about it and this probably isn't a good
>idea). However, just seeking off-topic advice here before I do it,
>would it be good or bad to run the IP of the signing domain through
>the existing IP-based RBLs? I would like to code for that today so
>I'm selfishly seeking some advice
As you and other people said, it isn't a good idea to adding a
positive value for the spam filter score based on the existence of a
valid signature. One might consider running the IP address of the
signing domain through an existing RBL service. That brings us back
to IP-based blocking.
You could have a RWL (whitelist) to verify the signing domain before
assigning a positive value to your score. This would be domain
based. One of the advantages of a domain-based approach is that you
don't have to track IP address changes. Your customers might prefer
to have their own list instead of using a lookup service operated by
a third party.
Regards,
-sm
More information about the ietf-dkim
mailing list