Hamish Marson writes: > Justin Mason wrote: > > Hamish writes: > >> On Wednesday 28 June 2006 08:48, Ralf Hildebrandt wrote: > >>> * [EMAIL PROTECTED] <[EMAIL PROTECTED]>: > >>>> Given that airline messages are important, are related to > >>>> meney, and recipients dont want to get forged ones, it would > >>>> be a great idea to start a campaign with airlines / travel > >>>> agents to use some sort of proof of origin (spf, digital > >>>> signature, whatnot) Recipients could then apply whitelists > >>> Amen to that! > >> Does SA do anything with digital signatures to deduct scores? If > >> it's worthwhile, I'm game to play. > > > > It allows us (and third parties, and individual site admins) to > > reliably whitelist sources safely. See > > 'rules/60_whitelist_spf.cf', e.g.: > > > > def_whitelist_from_spf [EMAIL PROTECTED] > > Yeah, I know about the SPF checks... But I meant does SA currently do > anything with digital signatures to verify that the sender really is > the sender & apply a -ve score.
hmm. I thought 'def_whitelist_from_spf' also checked DK and DKIM sigs, but it appears not :( It appears that 'def_whitelist_from_dkim' is in place for this purpose, instead. -- at least that's the plan... no orgs are yet listed in 'rules/60_whitelist_dkim.cf' though. But yes, given a DKIM sig, and a 'def_whitelist_from_dkim' line for that sender, it'll apply a negative bonus. --j.
