On Wed 07/Aug/2019 17:14:22 +0200 Murray S. Kucherawy wrote: > On Sat, Aug 3, 2019 at 8:28 AM Alessandro Vesely wrote: >> >> IOW, dnswl=pass means the sender was whitelisted. > > > If that's the case, why do downstream agents need "policy.ip" at all?
To be whitelisted just means that the sender is a legitimate SMTP server, AFAICS. I add Matthias to the recipients list as he can be much more precise on such criteria, at least for the whitelist he runs. policy.ip carries more details. In my use case, "HEURISTIC" viruses have a significant probability of being false positive. A downstream filter extracts the trustworthiness from the policy.ip and makes a decision based on that value. Note that this filter runs after the AV filter, after the end of DATA, while dnswl=pass can be used at HELO to mitigate SPF forwarding issues. Some ISPs, albeit whitelisted, either have policies so sloppy as to tolerate infected customers, or don't spend enough energy to sanitize them anyway. The trustworthiness somehow reflects that quality. Dnswl.org also reports the category, another octet of policy.ip. Best Ale -- https://tools.ietf.org/html/draft-vesely-authmethod-dnswl _______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc
