On Wed, Jun 18, 2014 at 12:38 PM, Kevin A. McGrail <kmcgr...@pccc.com> wrote: > On 6/18/2014 3:01 AM, Franck Martin wrote: >>> >>> >So again, I think it would be nice to have the DMARC policy results as >>> > another criteria for SpamAssassin to decide if a mail is Spam or not. >>> > >> >> yes but in short, If opendmarc is installed, then spamassassin needs to >> let it do its job, if there is no opendmarc, then it is fine for >> spamassassin to do that job. > > Franck, > > I've been thinking about this and in the end, for me, SpamAssassin is a > testing framework, NOT a blocking framework. And the more tests, the more > data I have to gauge the proper disposition. > > So if opendmarc is installed, I am heavily trending towards the concept If > someone publishes ADSP, DKIM, DMARC, SPF, etc. I'll use ALL of these > policies to gain as much information about the email as possible. Perhaps > I'll use some crazy metas that reflect the spirit of ignoring the other > polices but you can be sure I won't be using p=reject to reject but instead > score the email higher, etc. >
In the end DMARC allows you as a receiver to understand better where if a given email is spoofed or not. And that's mainly because it says that SPF can break if DKIM passes and the other way around. Keep in mind that DMARC is also about alignment. Envelope and Header >From must align. BTW: ADSP has moved to historical and won't be a good feature any more Jose Borges Ferreira
