Hi List, I was thinking about the DKIM support recently, and I must say I am not sure about its usefulness. Why? 1. DACL only. Even worse, at rcpt stage you can not even say whether the message is going to be DKIM signed or not. Is there any list of domains *always* using DKIM? I am not aware of it. 2. Even if we had a list of DKIM-friendly domains, what would we do if we received a mail without a DKIM signature (and it should have one)? Are we entitled to trash it? 3. My feeling is that we would probably never receive a mail with a false DKIM identification. Why? A common spammer would probably never sign his mail and if he does, the identification would be positive. I would like to have the following construction: racl whitelist from /.*@yahoo\.com/ racl greylist default delay 15m dacl whitelist from dkim pass dacl blacklist from /.*@yahoo\.com/ dkim none dacl blacklist dkim [fail, unknown,error] (note I am not sure whether I can use the construction in the last case, but it is quite obvious what I was after...) Now, if the above worked and was SAFE, it would be absolutely perfect. But.... is it safe? And if it was, is there any DNSRWL of all domains using DKIM so I do not have to type them one by one? Or better, it would be nice if mg could cache all mails that passed greylisting and valid dkim signature was found so they can be whitelisted at the RCPT stage later.... I am looking for opinions and other suggestions here. It would be nice if we could make use of the DKIM support once it is here. According to the http://utility.nokia.net/~lars/meter/dkim.html is DKIM fairly widely adopted.... Ondrej
Message
DKIM
2008-09-29 by Ondrej Valousek