PowerMTA Support Forum

Please login or register.

Login with username, password and session length
Advanced search  

News:

PowerMTA 5.5r1 is out!!!!  Please contact support@port25.com for a license and download access.

Author Topic: The DKIM Solution  (Read 21287 times)

Teneo

  • Full Member
  • ***
  • Karma: +14/-6
  • Posts: 267
    • Teneo ESP Services
The DKIM Solution
« on: May 18, 2012, 05:42:21 AM »
Just wanted to throw up a little brainstorm/discussion

As we all know, IPv4 has (just about) ran out ... as a LIR member, the maximum you can achieve from RIPE is a /24
range , if you achieve it at all. In the near future (couple of months) it will no longer be possible to even get new IP's assigned.

IPv6 is the way to go, it seems all RIPE people are shouting, but hey ... Hotmail, GMAIl and the likes don't support it on their
incoming infrastructure, so what's the use of having a bunch of IPv6 spaces.

There is another solution , if all mail providers would start using DKIM based reputation control instead of IP based (or a mixture)
we as ESP's would be able to send our mailstream over the same IP for multiple customers. Reputation would be saveguarded by the DKIM signing , and IP space wouldn't be an issue anymore.

Biggest problem :

How to get the Hotmails of this world to understand this and to adjust their infrastructure ?
Will the situation have to explode first before we see any real changes ?
What if an ESP no longer has IP's available, and DKIM hasn't been adopted ... is that the end of business ?
Will we have to consolidate multiple customers over the same IP's, just HOPING that things won't go haywire ?

What are your thoughts on DKIM and the IPv4 problem ?  8)
Logged

lukewd

  • Jr. Member
  • **
  • Karma: +65533/-15
  • Posts: 67
    • TotalSend
Re: The DKIM Solution
« Reply #1 on: May 18, 2012, 07:53:47 AM »
I read an article saying exactly this about a year ago. Using DKIM for reputation instead of IP addresses makes sense to me. I thought things were heading this direction with Yahoo leading the pack as their FBL is DKIM signature based as opposed to IP based.

A year later and nothing seems to have changed... Something will need to happen eventually though.
Logged

Port25-Admin1

  • Administrator
  • Hero Member
  • *****
  • Karma: +49/-4
  • Posts: 2361
Re: The DKIM Solution
« Reply #2 on: May 18, 2012, 09:30:56 AM »
The problem with DKIM and other authentication mechanisms is they rely on data after the initial connection.  DKIM, for example, is based on the from header which comes after the MAIL FROM, RCPT TO, DATA, and perhaps a lot of headers.  This is a lot of wasted bandwidth and resources when a simple IP check would do the trick early in the connection. 

Now, I'm not saying there isn't value in DKIM, because there is great value.  It is a an easy an effective way to validate that content coming from a given IP is still your trusted, opt-in content.

IPv6, when it finally comes to the big ISPs, will most likely result in the extended use of DomainKeys/DKIM/SenderID/SPF and whatever else comes along to check email. But until they are forced to switch to IPv6, I think the basic IPv4 check will be the low hanging fruit of authentication checking for some time to come.
Logged
Port25-Admin1
------------------
Try the following commands:
Quote
pmta show topdomains --errors
pmta show topqueues --errors
pmta --help

When PowerMTA won't start use:
Quote
pmtad --debug
When all else fails-->support@port25.com

CaLViN

  • Hero Member
  • *****
  • Karma: +43/-2
  • Posts: 1233
  • Hasan Kurtoglu
    • PowerMTA Administration Service
Re: The DKIM Solution
« Reply #3 on: May 18, 2012, 01:59:32 PM »
Domain reputation will be used in future.But i guess it is not so near.
Logged

Professional PowerMTA Administrator - Deliverability Expert

Contact me for Consultancy needs!