[cryptography] DKIM: Who cares?

John Levine johnl at iecc.com
Thu Oct 25 09:08:06 EDT 2012

>I think it's more likely that DKIM is affecting spammers so little (if at all) 
>that they never really cared about it, and the organisations deploying it know 
>that and don't bother doing anything more than going through the motions using 
>the shortest (= lowest-overhead) keys.

Hmmn.  Is there some point to speculating about the behavior of mail
systems about which you know nothing?

I'm typing this from a conference attended by all of the large ISPs in
North America and many from Europe and Asia.  I can assure you that
they do check DKIM and they do use it to do the things that it can do.

Random spam from random addresses is little affected by DKIM; it's
hard to imagine why anyone who was familar with it would think
otherwise.  It's quite useful to recognize mail from known senders,
which makes it easier to recognize and deal with some kinds of
phishing.  As more people use it, it's very useful to bypass filtering
for known good signers and decrease the filtering load 


More information about the cryptography mailing list