I once saw a presentation on an IRC channel from Rik van Riel (I think) and he said that 2.4 would have an algorithm that when memory was exhausted it would choose a process to kill based on the time it was running, the memory it was consuming and some other things. From what you're saying, it seems that it isn't working or it hasn't been made yet.
Does anyone know anything about this or did I just dream that?
Check out Paulo Coelho, a Brazilian writer who has sold more than 100 million books in more than 150 countries:
http://paulocoelhoblog.com/2012/01/28/promo-bay/
... according to one inflation calculator, the $24.6 billion of Google's IPO in 2004 is worth $28.82 billion in 2011 dollars.
This kind of service has already been implemented by the national post office in Portugal for a long time.
It's called ViaCTT.
Somehow this article reminds me of this story.
DKIM is great except, AFAIK:
1) There's still no way of saying "my domain always signs email with DKIM, so no signature means forged mail". At least I couldn't figure it out.
2) Mailing lists add a footer which messes with the signature.
As a consequence DKIM at the moment is completely useless since even though all my emails are signed, spammers/phishers can simply not put the DKIM signature and DKIM wouldn't know if the email was forged or not.
Furthermore, DKIM is reporting that a lot of valid emails posted to mailing lists (mostly gmail ones) are forged.
If these 2 problems are solved, I think DKIM could be the best way of building a reputation system to stop spam almost completely.
The first problem is easy to solve (just add a new flag to the DKIM DNS record), the second one could be solved by *requiring* the DKIM-verification software to discard everything following the length of the signed body (at the moment it's optional), and by *requiring* to specify said length (dkimproxy can't do that, AFAIK).
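The body-length behaviour discussed in the comment above, as an added example that is not part of the original comment and is not taken from dkimproxy or any other DKIM implementation: it computes the DKIM body hash (bh=) under RFC 6376 "simple" canonicalization, with and without a signed length (l=), for a message that a mailing list has extended with a footer. The function names and the sample message are hypothetical and constructed for illustration.

```python
import base64
import hashlib
import hmac

def canon_simple_body(body: bytes) -> bytes:
    """RFC 6376 "simple" body canonicalization: ignore trailing empty
    lines and end the body with exactly one CRLF."""
    while body.endswith(b"\r\n\r\n"):
        body = body[:-2]
    return body if body.endswith(b"\r\n") else body + b"\r\n"

def body_hash(body: bytes, length=None) -> str:
    """Value of the bh= tag: base64(SHA-256(canonical body[:l]))."""
    canon = canon_simple_body(body)
    if length is not None:
        if length > len(canon):
            # RFC 6376: an l= larger than the body is a verification failure.
            raise ValueError("l= exceeds canonicalized body length")
        canon = canon[:length]
    return base64.b64encode(hashlib.sha256(canon).digest()).decode()

def verify_body(body: bytes, bh: str, length=None):
    """Return (hash_matches, unsigned_tail). The tail is whatever follows
    the signed length; it is what a strict verifier would discard."""
    try:
        ok = hmac.compare_digest(body_hash(body, length), bh)
    except ValueError:
        return False, b""
    tail = canon_simple_body(body)[length:] if length is not None else b""
    return ok, tail

# Constructed sample: a message as signed, then as relayed by a list.
ORIGINAL = b"Hello list,\r\nPatch attached.\r\n"
FOOTER = b"-- \r\nexample-list mailing list (constructed footer)\r\n"
RELAYED = ORIGINAL + FOOTER
SIGNED_LEN = len(canon_simple_body(ORIGINAL))   # value the signer puts in l=

if __name__ == "__main__":
    bh_full = body_hash(ORIGINAL)               # signature without l=
    bh_len = body_hash(ORIGINAL, SIGNED_LEN)    # signature with l=
    print("no l=, footer added:", verify_body(RELAYED, bh_full))
    print("l= set, footer added:", verify_body(RELAYED, bh_len, SIGNED_LEN))
```

The bytes returned as the unsigned tail are not covered by the signature, so a verifier or mail client that accepts l= should not present them as authenticated content.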