 | Start a set with this search |
 | Include this search in one of my sets |
 | Exclude this search from one of my sets |
 | Permalink to these results Paste this link in email or IM: |
 | Atom feed for tracking future search results Paste this URL into your reader: |
6 messages in net.sourceforge.lists.courier-usersRe: [courier-users] DomainKeys| From | Sent On | Attachments |
|---|---|---|
| Randy "PerlStalker" Smith | Dec 23, 2004 8:02 am | |
| Julian Mehnle | Dec 23, 2004 10:08 am | |
| Ben Kennedy | Dec 23, 2004 10:36 am | |
| Randy "PerlStalker" Smith | Dec 23, 2004 10:58 am | |
| Bill Taroli | Dec 23, 2004 1:27 pm | |
| Alessandro Vesely | Jan 14, 2007 8:48 am |
| Permalink for this message Paste this link in email or IM: |
| Permalink for this thread Paste this link in email or IM: |
| Atom feed for this thread Paste this URL into your reader: |
| Subject: | Re: [courier-users] DomainKeys | Actions... |
|---|---|---|
| From: | Randy "PerlStalker" Smith (perl...@falconsroost.alamosa.co.us) | |
| Date: | Dec 23, 2004 10:58:42 am | |
| List: | net.sourceforge.lists.courier-users | |
Julian Mehnle wrote:
Randy "PerlStalker" Smith [perl...@falconsroost.alamosa.co.us] wrote:
I am continuing my quixotic attempt to stop spam from coming into my mail server. Having seen the "effectiveness" of SPF, I'm now looking into implementing DomainKeys (http://antispam.yahoo.com/domainkeys).
If you think that SPF or DK will stop spam, you're certainly on the wrong track. These are sender authentication technologies, and if spammers use their own domains in the sender address (which is actually what we want), none of these technologies will be able to stop their spam.
SPF and DK are supposed to stop sender address forgery, not spam. If you are disappointed in SPF due to this misconception, you will be disappointed in DomainKeys, too.
You are, of course, right. However, by rejecting messages that fail SPF and DK checks, I can "trust" that the message was send from a server under the sender's direct control. I can use this trust to blacklist "authenticated" spammer domains. I can also drop mail that fails authentication attempts which actually will (and does) limit the amount of spam I get to deal with in other ways.
Don't get me wrong. This is not the only thing I'm doing to limit spam. I'm already using a few RBLs and have SpamAssassin scanning the rest, but the more I can kill before the messages are handed to SA, the happier my servers will be.
Sender authentication can indirectly help with stopping spam, though. If you know the sender address to be authentic, you can use reputation systems (domain-based blacklists, for instance) to decide whether to accept a message.
Right. That's part of the plan. In any case, I would like to be able to sign mail leaving my server and gain all of the authentication/trust benefits you just mentioned.
I know I can add DomainKey checks with a courierfilter but I can't sign keys that way. Has someone done this with courier-mta or are there plans to add this fuctionality to courier-mta in the future?
Courierfilters cannot currently modify messages, so Courier would have to be modified to either allow the former or to directly support DomainKeys message signing.
That's basically my question, so let me restate it in a, perhaps, clearer way. Is DK support planned for courier or will the ability to change messages with a courierfilter come first?
I know can check incoming messages with DKs without screwing with the message through a courierfilter. Sam mentioned that modifiy messages is on his TODO list. Builtin support for DKs though may be better since courier would have to have some way of knowing who to sign messages for.
-- Randy Smith http://perlstalker.amigo.net/ "Work is the miracle by which talent is brought to the surface and dreams become reality." - Gordon B. Hinckley