My SA platform has very good results with thousands of
whitelist_auth entries but 98% of the SA users are not going to
know to create/manage these entries themselves. Combined with
other rules this also helps with spoofing legit senders like the
IRS, Bank of America, etc. I am not suggesting we put thousands of
entries in the new 60_whitelist_auth.cf but the common,
high-profile, large senders that often get spoofed.
Make it dynamic? At dnswl.org we now also provide domain-based trust
info (which should only be applied to properly authenticated domains,
obviously).
Can SA do this today (with a dnswl lookup metad with DKIM_VALID or
similar)? Or would a new plugin be needed to do the job properly?
--
John
