heise Security IT security news and services at heise Security UK

you're misunderstanding the purpose of DomainKeys 14 May 2008 00:42

Those messages are legitimate, within the context of DomainKeys: they
really were sent through the server that signed 'em.

DomainKeys doesn't tell you whether a message is spam or not, only
whether it was sent by the domain which signed it or not. It's up to
you to figure out whether you want to accept mail from that domain.

For more information about this & related concepts, I'd recommend the
authentication white paper published recently by the Messaging
Anti-Abuse Working Group:
http://www.maawg.org/about/publishedDocuments/MAAWG_Email_Authentication_Paper.pdf
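
The separation described in the post above, as an added example that is not part of the original post: a receiver first establishes which domain verifiably signed a message, then applies its own opinion of that domain. It assumes the verifier records its outcome in an `Authentication-Results` header (`domainkeys=`/`dkim=` result plus `header.from`/`header.d`); the policy table, function names and header values are constructed for illustration.

```python
import re

# Constructed local policy (assumption): the receiver's own opinion of domains.
DOMAIN_POLICY = {"example.org": "accept", "bulk-mailer.example": "reject"}

_RESULT_RE = re.compile(r"\b(domainkeys|dkim)=(\w+)", re.I)
_DOMAIN_RE = re.compile(
    r"\bheader\.(?:from|sender|d)=(?:[^\s;@]*@)?([A-Za-z0-9.-]+)", re.I)


def parse_auth_results(header_value):
    """Return [(method, result, domain)] from an Authentication-Results value."""
    found = []
    # The first ';'-separated element is the verifier's own id, not a result.
    for clause in header_value.split(";")[1:]:
        result = _RESULT_RE.search(clause)
        if not result:
            continue
        domain = _DOMAIN_RE.search(clause)
        found.append((result.group(1).lower(), result.group(2).lower(),
                      domain.group(1).lower() if domain else None))
    return found


def decide(header_value, policy=DOMAIN_POLICY):
    """Step 1: which domain really signed? Step 2: do we want its mail?"""
    verified = [dom for _, res, dom in parse_auth_results(header_value)
                if res == "pass" and dom]
    if not verified:
        # No verified signer: domain reputation must not be applied at all,
        # otherwise a forged From: would inherit a good domain's standing.
        return ("unauthenticated", None)
    for dom in verified:
        if dom in policy:
            return (policy[dom], dom)
    return ("unknown-domain", verified[0])


# Constructed header values.
SIGNED_SPAM = "mx.receiver.example; domainkeys=pass header.from=news@bulk-mailer.example"
SIGNED_GOOD = "mx.receiver.example; dkim=pass header.d=example.org"
FORGED_GOOD = "mx.receiver.example; domainkeys=fail header.from=alice@example.org"
SIGNED_NEW = "mx.receiver.example; domainkeys=pass header.from=bob@new-sender.example"

if __name__ == "__main__":
    for hdr in (SIGNED_SPAM, SIGNED_GOOD, FORGED_GOOD, SIGNED_NEW):
        print(decide(hdr), "<-", hdr)
```

The signed spam verifies exactly as the legitimate mail does; only the policy lookup tells them apart, and the failed signature never reaches that lookup.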