On Sun, Mar 12, 2023 at 9:05 PM Jeremy Ardley <jer...@ardley.org> wrote:
>
> On 13/3/23 06:39, Vincent Lefevre wrote:
> > O
> >> Each of those options has been chosen by the mail list administrator.
> >>
> >> As a general principle it's a good thing to know the system sending you
> >> mail is genuine. Given the variety, there is no point in rejecting the
> >> email if there is no certificate, but having a verified certificate could
> >> be used to streamline any anti-spam processes such as not greylisting.
> >> I don't know if postfix can do that yet, but it seems it would be a good
> >> thing.
> > I think that DNS attacks are rather rare. Though strong authentication
> > is useful for various kinds of application, it is much less important
> > for antispam (I doubt that spammers do DNS attacks to let their spam
> > through).
> >
> I'm not assuming DNS attacks rather I was wondering if a valid
> certificate could give better 'customer service' i.e. quicker delivery
> of mail.
>
> Brief investigation suggests time consuming stuff happens before the
> certificate exchange - which in itself is expensive.
>
> However later processes could be expedited or improved with a valid
> certificate e.g. reducing content inspection or dropping some connection
> checks on emails from DNS names specified in the certificate

Email is store-and-forward. Ultimately, it is up to the recipient to visit his/her/its mail server and download messages.

Security on a channel (like HTTPS) usually makes it tougher to inspect traffic. Or at least it makes it tougher in HTTPS. In fact, spam filters are mostly useless for messages encrypted with a tool like GPG or GnuPG.

Jeff