On 2016-10-14 21:24, Petr Bena wrote:

I created this BT
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7360 to implement
SPF-like checks on From: sender as well in addition to envelope sender
(if they differ). It was rejected as invalid because SPF specs are

Authentication-Results: linode.junc.eu; spf=pass (sender SPF authorized) smtp.mailfrom=spamassassin.apache.org (client-ip=; helo=mail.apache.org; envelope-from=users-return-113753-me=junc...@spamassassin.apache.org; receiver=m...@junc.eu) Authentication-Results: linode.junc.eu; dmarc=none header.from=bena.rocks
Authentication-Results: linode.junc.eu; dkim=none; dkim-atps=neutral

if you begin dkim signing your own mails, and add dmarc its could help to block forging your domain as sender

spamassassin can reuse opendmarc results, what hold you back on doing this ?

if gmail is good why ask for something that is outside of gmail ?

note gmail does not care of dnssec, and thus dkim can pass without dnssec is like there was no dkim pass for me

poor manns spoof tests is to check if dkim pass or not, while if deeper testing is implement dmarc in spamassassin with full dnssec check, aswell if adsp says is sign all mail and dkim signature is missing its forged

so in spamassassin its possible to add adsp require to domains that is often sending forged mails, even that domain does not use dkim

note spf is not using dnssec as is now, but dkim and dmarc is

so i say dkim/dmarc is bad since it allow pass on non dnssec domains :(

Reply via email to