DKIM Deployment

[Mattias Amnefelt <>]

Serge Aumont wrote:
> Hi
>
> I am quite surprised about the relation from DKIM and greylisting i
> found in page : https://spaces.internet2.edu/display/ddx/User+Stories
>
> Greylisting is useful to reject SMTP sessions comming from zombies. It
> is used to finish SMTP sessions eraly in the process of SMTP dialog
> (after EHLO, MAIL From: and RCPT To, before DATA).
> The DKIM signature can be checked only after all the message is
> completely received so it can't be checked before the greylisting
> protection is applied. I don't think DKIM can be used to autowhitelist
> IPs for greylist process (this can be done with SPF).
>
> Am I wrong ?
>
> Serge
>
> ps : I would like to review ddx subscribers on the web server, but the
> this operation is not authorized even for authenticated subscribers.
> Could the list owner change the config for that please ?
>
>

Hi!

Technically it's possible to combine DKIM and greylisting. You are
allowed to return a temporary error code after the DATA-part just as
well as after RCPT To and the sender should treat a temporary error code
the same no matter after which part of the exchange it is received.

Some implementations return a permanent error code after the DATA-part
if they receive spam or viruses today and the same behavior could be
used for greylisting if one wanted to.

This could be implemented so that if the sender claims to be from a
domain which you have a trust relationship with then you can defer
greylisting them until you have received the DATA-part. If you can
verify the DKIM-signature you can accept the message and otherwise you
can use your normal greylisting algorithm.

Regards,

/mattiasa