Hi Gary,

If you have spf, and dkim set up the only other thing you might do is add a
dmarc record and make sure all servers sending email are included in you
spf record. I decided to allow spamassassin to check dkim as well and don't
think it would be wise to reject email in absence of such a record.


On Fri, Sep 27, 2019 at 8:07 AM Gary Bowling <g...@gbco.us> wrote:

> The recent questions about setting up DKIM prompted me to review my setup
> and see if I needed to tighten things up a bit. ALL of my config
> surrounding these things is very old, so what are the best practices in
> 2019?
> On the receiving side of things, my server has spfbehavior set to 2 and I
> believe the default is 3. I seem to recall many years ago having problems
> rejecting email, that I didn't want rejected, with it set to 3. But that's
> been so long ago, it's not worth considering. Do most of you have it set to
> 3? And have you had any problems with that if you do?
> For DKIM receiving, I'm doing that in spamassassin/spamd. But it appears
> that spamassassin just assigns a score if there is a DKIM_INVALID situation
> and that score seems to be pretty low. Is this really the right way to
> handle receiving messages where DKIM is concerned? I'm sure there is a way
> to increase the DKIM_INVALID score, but not sure of the ramifications of
> that. Do any of you change those settings? Or do DKIM checking somewhere
> else for improvements?
> On the outbound side of things.
> For my DNS, I have SPF records that have been there for years, that
> affects other domains receiving mail from my server. So not sure how much
> good it does, but it's there.
> I do not have DKIM set up. Many years ago it seemed pretty useless from
> what I read, so I didn't bother with it. From what I understand, if the
> receiving end doesn't check for DKIM, then it does nothing. Or like in my
> servers case, it just adds a tiny bit of score to spamassasin, so minimal
> help. But maybe enough are doing something more robust now for it to be
> useful. Maybe I should implement this now?
> What are everyone's thoughts on all this in 2019? Should I be doing
> stricter checking of spf? Does DKIM actually provide a useful service? And
> are there better ways to handle DKIM checking?
> All discussion and help is greatly appreciated!
> Thanks Gary
> --
> ____________________
> Gary Bowling
> The Moderns on Spotify <https://distrokid.com/hyperfollow/themoderns/bbrs>
> ____________________
> --------------------------------------------------------------------- To
> unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For
> additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

Reply via email to