Like you, we have NEVER sent even one unsolicited mail from our server. Ever. Please post a solution if you ever find one.

And yes, while it’s true that somebody can register spamalot.com and sign e-mail with a valid DomainKeys signature, my point is that using DomainKeys is supposed to serve SOME purpose in Yahoo!’s system, and it doesn’t.

The behavior of Yahoo!’s mail system is no different if you have DomainKeys than if you don’t. Since that’s the case, what’s the point?

Greylisting is not supposed to function how you describe (meaning most people would not consider their greylisting to be working properly if the receiving server STILL refuses incoming messages after the sending server waits for the greylisting period, then resends the message). My company uses greylisting, too, and once the sending server has properly resent the message after the wait time, our server then considers that sender valid moving forward for that recipient (even if this isn’t precisely the spec of the RFC, this is how it is generally implemented, and it does work great, as you say).

Again, Yahoo!’s system, on the other hand, doesn’t necessarily accept the additional message(s) sent by the sending server. This is why a sending server might try to send the same message another 4 times and Yahoo! still doesn’t accept it.

Additionally, Yahoo! claims that if a Yahoo! user adds an e-mail address to their address book, this is the same as whitelisting that address. Again, this is false, as I have friends / customers etc. who have me in their address book, but still, even after DomainKeys, after greylisting (and our server properly waiting and trying to re-deliver on multiple attempts) and with other common things such as correct rDNS and SPF records, often the messages NEVER get to the recipient.

You can make all the arguments you want about DomainKeys vs. DKIM, greylisting, etc., but the bottom line is that many Yahoo! users are not getting mail because Yahoo!’s system simply does not work properly, or as advertised, and users should beware.

>The first problem is that, again, this system is proprietary. There was >already a similar system in place called SPF, which is an accepted standard >and one that’s been in place since late 2004. It

DomainKeys is standard. patented but freely usable, and specs are
freely available. for about the same length of time as SPF (which
Microsoft has encumbered with patents that they are not commenting on
whether they will exercise them)
http://www.dkim.org/
RFC 4871

>So Yahoo! checks the signatures of both, and if they match, then the >message isn’t considered spam.
Nope, you’re just authenticating the emails. Nothing prevents someone
from registering spamalot.com, signing emails, etc. However, you are
preventing someone from impersonating an existing domain, paypal.com
for instance.

>Yahoo! users are “temporarily deferred” with an error code of 421, >sometimes for up to six hours.
This is known as greylisting and has become very prevalent at many
places (automatically defer all incoming messages). It’s very prevalent
because it’s incredibly effective. Most autospam programs don’t try
again, whereas every legitimate mail server will (there have been some
bugs in a few like Novel groupwise). The amount of delay is mostly a
result of YOUR email server’s settings. The RFC standards suggest 30
minutes before retrying. After greylisting became widespread, I set
ours to 10min.

Another benefit of greylisting, is that by delaying for even 10 minutes, you
allow other mechanisms like distributed checksumming to ‘see’ the
message, and when the spammer retries in 10 minutes, you might now
know that 100 identical copies of this message were sent during those
10 minutes. NOW you can reject it outright.