Good question. Saying why I care about spf and dkim but not spam sounds contradictory, I know.
The reason is because this project doesn't care if spam arrives, only if the spam or email (even authenticated properly email) is spoofed. We are doing checks on senders and the likelihood of a spoofed from email address/domain together with an authentic spf and/or dkim is *less* likely than a spoofed from email address without any spf/dkim. Collecting statistics, I guess you could say. On 01/19/2018 09:07 AM, RW wrote: > On Thu, 18 Jan 2018 18:49:52 -0500 > Chip wrote: > >> Very well stated. Bravo! >> >> The end point here is to examine the email headers that specifically >> refer to dkim and spf signatures. Based on fail or pass, or some >> combination in concert with the sender's email address, they get moved >> into fail or pass folders. > ... >> But that is with spamassassin still identifying spam, which is >> unnecessary in this case as this project will never attract spam - I >> know that is hard to believe in, but it won't. > > Then why do you care about spf and dkim? >
