I imagine whenever I get around to implementing SPF and DKIM, I'll add some options to specify what to do with matching connections -- whether they should be blocked if they don't match, if headers should be added, if they should always be trusted, etc.
I can make the change in the TODO file, but honestly I have so little time to work on spamdyke these days that any discussion of priority is mostly academic. :) Hopefully that will change before the end of the year... -- Sam Clippinger On Jul 28, 2012, at 5:08 PM, Eric Shubert wrote: > FWIW, I would like to see the "DKIM/SPF suport..." TODO item moved under > Highest Priorities, perhaps replacing "Full database support". While > DKIM/SPF might not make a huge impact on reducing spam (how much better > can it possibly get?), being able to whitelist trusted domains (e.g. > banks) according to their published SPF record would make whitelisting > much simpler. For example, > > [root@tacs-mail spamdyke]# host -t txt jpmchase.com > jpmchase.com descriptive text "v=spf1 a:spf.jpmchase.com > ip4:207.162.228.0/24 ip4:207.162.229.0/24 ip4:207.162.225.0/24 > ip4:196.37.232.50 ip4:159.53.46.0/24 ip4:159.53.36.0/24 > ip4:159.53.110.0/24 ip4:159.53.78.0/24 include:tpo.chase.com -all" > > This results in quite a number of whitelist entries when whitelisting by > IP address (which I think is probably the best method in this case). > Plus the fact that Chase isn't in the habit of letting me know when they > change their outbound servers. ;) (I know, I could write a script that > would let me know this) > > I would love to be able to have a whitelist_spf_domain_file option where > I could list domains that I trust, and have spamdyke auto-whitelist any > server that's listed in their SPF record. This would be a powerful > feature, which would make whitelisting easier to admin, maintain, and > (arguably) more secure. > > Thanks for your consideration on this, Sam, as well as your great work > with spamdyke. We all greatly appreciate what you do. > > -- > -Eric 'shubes' > > > _______________________________________________ > spamdyke-users mailing list > [email protected] > http://www.spamdyke.org/mailman/listinfo/spamdyke-users _______________________________________________ spamdyke-users mailing list [email protected] http://www.spamdyke.org/mailman/listinfo/spamdyke-users
