Mercury Suggestions
Future of DKIM/DMARC in Mercury? Sharing some thoughts...

It appears to me that DKIM can simply be implemented by writing a Mercury daemon, with the daemon parsing all the necessary fields, and adding the required headers to the outgoing message.

Unfortunately, all the details are rather abstract, and do not show any example code, or pseudo-code at all, of a simple message, with an example public key, private key, and a verified message with all the required headers.

 

<p>It appears to me that DKIM can simply be implemented by writing a Mercury daemon, with the daemon parsing all the necessary fields, and adding the required headers to the outgoing message.</p><p>Unfortunately, all the <a mce_href="http://dkim.org/specs/rfc4871-dkimbase.html" href="http://dkim.org/specs/rfc4871-dkimbase.html">details</a> are rather abstract, and do not show any example code, or pseudo-code at all, of a simple message, with an example public key, private key, and a verified message with all the required headers.</p><p> </p>

I share Mr. Harris opinion regarding SPF already mentioned in this forum, and I also not a big friend of DKIM or any new technology that swears to combat spam effectively. However, we were forced to publish a SPF-Record to get our mails sent to some important ESPs.

Since we had to move our physical IP to a new one  (besides lots of software updates)  we had some new delivery issues. Curiously we hadn't that kind of problems before, maybe we had a whitelisted IP because of its reputation before. Really can't say. Very sad that black/whitelisting at ESPs is usually based on IP (not FQDN). So we had to adopt some things, such as registering at postmaster-tool-pages,  adopting Feedback Loops etc. Today it is very necessary to have upated/clean sender-address-lists (the ones that don't get 550 mailboxes unknown errors or doesn't get junk-complaints) to maintain high quality email delivery.

Doing all that postmaster-stuff we came across lots of informations about implementing DKIM for senders Authentication. Here some examples:

To get a Spamrate or FBL insight of Gmail, mails have to be DKIM-signed:
https://support.google.com/mail/answer/6258950#empty

MSN is also forcing DKIM (see "AUTHENTICATION"):
https://mail.live.com/mail/junkemail.aspx

Yahoo (see "Always make sure your emails include DKIM authenticated signature"):
https://help.yahoo.com/kb/postmaster/overview-industry-standards-practices-sln3435.html

https://help.yahoo.com/kb/SLN3438.html

Most of them still are recomendations, but it seems very likely now that DKIM is being widely adopted. As I've said before, I am not a big fan of all that new technologies claiming to be the best solution combating  mail spam/abuse, but also because I know it will cause more overhead to whatever MTA being used. But it seems that this feature will be needed some time soon. Are there any plans adding this feature in mercury (in particular in the MercuryC SMTP Client)?

 Thanks for any insights.

 

<p>I share Mr. Harris opinion regarding SPF already mentioned in this forum, and I also not a big friend of DKIM or any new technology that swears to combat spam effectively. However, we were forced to publish a SPF-Record to get our mails sent to some important ESPs. </p><p>Since we had to move our physical IP to a new one  (besides lots of software updates)  we had some new delivery issues. Curiously we hadn't that kind of problems before, maybe we had a whitelisted IP because of its reputation before. Really can't say. Very sad that black/whitelisting at ESPs is usually based on IP (not FQDN). So we had to adopt some things, such as registering at postmaster-tool-pages,  adopting Feedback Loops etc. Today it is very necessary to have upated/clean sender-address-lists (the ones that don't get 550 mailboxes unknown errors or doesn't get junk-complaints) to maintain high quality email delivery.</p><p>Doing all that postmaster-stuff we came across lots of informations about implementing DKIM for senders Authentication. Here some examples: </p><p>To get a Spamrate or FBL insight of Gmail, mails have to be DKIM-signed: https://support.google.com/mail/answer/6258950#empty</p><p>MSN is also forcing DKIM (see "AUTHENTICATION"): https://mail.live.com/mail/junkemail.aspx Yahoo (see "Always make sure your emails include DKIM authenticated signature"): https://help.yahoo.com/kb/postmaster/overview-industry-standards-practices-sln3435.html</p><p>https://help.yahoo.com/kb/SLN3438.html</p><p>Most of them still are recomendations, but it seems very likely now that DKIM is being widely adopted. As I've said before, I am not a big fan of all that new technologies claiming to be the best solution combating  mail spam/abuse, but also because I know it will cause more overhead to whatever MTA being used. But it seems that this feature will be needed some time soon. Are there any plans adding this feature in mercury (in particular in the <span class="st">MercuryC <em>SMTP Client)</em></span>? </p><p> Thanks for any insights. </p><p>  </p>

Personally I'm in favour of SPF.  I published my spf record and like the fact that no can pretend to be my domain and send mail to MS, gmail, yahoo, etc.   I wish David Harris would support it as well. That's up to him but I like it.  Right now I accomplish sort of the same thing by making content rules that number 1 give a score of 51 to any email that uses a bank domain and then I have another rule that cancels it out.  It's not as perfect as SPF and takes a lot of work but is worth the effort.  I have to look up all the ip's each bank uses.

if header "from" matches "*@scotiabank.com*" weight 51
if header "received" matches "*scotiabank.com (199.166.13.* by mercurymailsystem.ca*" weight -499 tag "real-scotiabank acct"

 SPF would accomplish all this for me with no work on my part.

 

No solution will get rid of all spam but using every tool you can will cut out about 99.99% 

I use spamhalter which I am quite happy with but it doesn't catch everything
most of the stuff it misses are caught by my content rules.
I also use sorbs and spamhause blacklists which cut out a lot of spam before it even hits me
oh and I also have a rather extensive transflt.mer file that stops thousands of messages with things like
blocking any server that helo's as either my servers name or ip address, or fake msn or google servers.

SPF would just be something else that might just get me to 100%

I don't think SPF purports to cut out all spam but it is very effective at identifying a lot of it with no false positives and it does it for probably most of the really important domains (banks,etc)

 

 

 

<p>Personally I'm in favour of SPF.  I published my spf record and like the fact that no can pretend to be my domain and send mail to MS, gmail, yahoo, etc.   I wish David Harris would support it as well. That's up to him but I like it.  Right now I accomplish sort of the same thing by making content rules that number 1 give a score of 51 to any email that uses a bank domain and then I have another rule that cancels it out.  It's not as perfect as SPF and takes a lot of work but is worth the effort.  I have to look up all the ip's each bank uses.</p><p>if header "from" matches "*@scotiabank.com*" weight 51 if header "received" matches "*scotiabank.com (199.166.13.* by mercurymailsystem.ca*" weight -499 tag "real-scotiabank acct" </p><p> SPF would accomplish all this for me with no work on my part.</p><p> </p><p>No solution will get rid of all spam but using every tool you can will cut out about 99.99% </p><p>I use spamhalter which I am quite happy with but it doesn't catch everything most of the stuff it misses are caught by my content rules. I also use sorbs and spamhause blacklists which cut out a lot of spam before it even hits me oh and I also have a rather extensive transflt.mer file that stops thousands of messages with things like blocking any server that helo's as either my servers name or ip address, or fake msn or google servers.</p><p>SPF would just be something else that might just get me to 100%</p><p>I don't think SPF purports to cut out all spam but it is very effective at identifying a lot of it with no false positives and it does it for probably most of the really important domains (banks,etc) </p><p> </p><p>  </p><p> </p>

I'm also glad to be able to use SPF and DMARC.  I also hope to use DKIM, once it's supported by Mercury.  My server has always had a great reputation, with optimal/hardened settings.  Nevertheless, my users' email has still often been erroneously marked as spam in other systems, hence I've implemented SPF and DMARC.  It would be great to be able to add DKIM to that to further reduce the false-positives.

I'm also glad to be able to use SPF and DMARC.  I also hope to use DKIM, once it's supported by Mercury.  My server has always had a great reputation, <span style="font-size: 13.3333px;">with optimal/hardened settings.  Nevertheless, </span>my users' <span style="font-size: 13.3333px;">email has </span>still often been erroneously marked as spam in other systems, hence I've implemented SPF and DMARC.  It would be great to be able to add DKIM to that to further reduce the false-positives.
live preview
enter atleast 10 characters
WARNING: You mentioned %MENTIONS%, but they cannot see this message and will not be notified
Saving...
Saved
With selected deselect posts show selected posts
All posts under this topic will be deleted ?
Pending draft ... Click to resume editing
Discard draft