On 18/10/2024 13:09, Jaroslaw Rafa via mailop wrote:
Dnia 18.10.2024 o godz. 10:20:46 Hans-Martin Mosner via mailop pisze:
In any case, spammers aren't dumb, and they can set up perfectly
valid SPF and DKIM for their domains conveniently hidden behind
That's the most important point against SPF, DKIM and DMARC. If they don't
stop spam at all, and are quite limited in preventing forged emails (plus
give a lot of trouble with FPs), are they really still worth pushing so
hard?
Yes!
A valid SPF does not indicate it is not spam.
But...
If you have valid SPF you now know a LOT more about the actual sender
than you did without SPF
Without SPF, anyone in the world could send mail claiming to be from
b...@microsoft.com, and it would be really hard to tell that it wasn't
really.
With SPF, no one can send mail claiming to be from b...@microsoft.com
other than someone else at Microsoft, or without triggering lots of
warnings, at least
A spammer can send SPF-authenticated mail 'From: "b...@microsoft.com"
<na...@evilcorp.com>', but any spam filtering knows that it's not really
from Microsoft.
Once spam filters know where mail is really from, then there is lots
more that the spam filter can do with much less chance of false positives
With our spam filter we use SPF & DKIM checks to whitelist senders. For
instance, we know that mail with a DKIM signature for
"communications.santander.co.uk" or SPF validated return path of
something.santander.co.uk is very almost certainly really from our bank,
and not a phishing attack. If you take away SPF & DKIM we have no
possibility to do that verification
Paul
_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
