On Fri, 25 Jul 2008 20:28:45 +1000 Daniel Black <[EMAIL PROTECTED]> wrote:
>On Fri, 25 Jul 2008 06:32:13 am Scott Kitterman wrote:
>> You appear to have missed the next step where spammers scrape Arthur's list
>> mail address from the mailing list archives and use it as the Mail From
>> address in spam they send to him.
>>
>> Scott K
>
>Just need to make sure the list owner has deployed SPF and DKIM before 
>then :-)
>
My first thought when I read that was 'or' not 'and'.  My second was, 'Not 
really'. 

Based on the example, he's whitelisting based on Rcpt To. In my counter 
example the local domain is being used in both Mail From and Rcpt To, so 
the only domain's SPF that might enter into this is his own.  SPF can be 
used to reject such messages, but there are other ways to do it for your 
own domains.

The policy service does not have access to the message body, so no DKIM 
either.

A domain level whitelist function based on SPF Pass or good DKIM signatures 
would potentially be useful (no way to do the latter in a policy server in 
any case), but that doesn't seem to be what's on offer here.

Scott K
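
The scenario discussed in this message, as an added example that is not part of the original post or of any policy server's own code: a Postfix policy delegation request carries only envelope and connection attributes, so a whitelist keyed on Rcpt To also admits a message whose Mail From forges the local domain. The domain, addresses, function names and the rule that every legitimate local sender authenticates with SASL are assumptions made for illustration.

```python
# Added example. LOCAL_DOMAINS, RCPT_WHITELIST, naive_decide() and decide()
# are hypothetical names; all addresses and requests below are constructed.
LOCAL_DOMAINS = {"example.org"}
RCPT_WHITELIST = {"arthur-list@example.org"}  # address used only for list mail

def parse_request(raw):
    """Parse one Postfix policy delegation request: name=value lines,
    terminated by an empty line. No headers or body are ever included,
    so there is nothing here to verify a DKIM signature against."""
    attrs = {}
    for line in raw.splitlines():
        if not line:
            break
        name, sep, value = line.partition("=")
        if sep:
            attrs[name] = value
    return attrs

def domain_of(addr):
    return addr.rpartition("@")[2].lower()

def naive_decide(attrs):
    """Whitelist purely on Rcpt To, as in the example under discussion."""
    if attrs.get("recipient", "").lower() in RCPT_WHITELIST:
        return "action=OK"
    return "action=DUNNO"

def decide(attrs):
    """One non-SPF way to protect your own domain: refuse a local-domain
    Mail From from a client that has not authenticated (assumption: all
    legitimate local senders use SASL), then apply the whitelist."""
    sender_is_local = domain_of(attrs.get("sender", "")) in LOCAL_DOMAINS
    if sender_is_local and not attrs.get("sasl_username"):
        return "action=REJECT local sender address requires authentication"
    return naive_decide(attrs)

# Constructed request: scraped list address reused as Mail From.
FORGED = ("request=smtpd_access_policy\nprotocol_state=RCPT\n"
          "client_address=192.0.2.10\nsender=arthur-list@example.org\n"
          "recipient=arthur-list@example.org\nsasl_username=\n\n")
# Constructed request: genuine list traffic from the list's own domain.
LEGIT = ("request=smtpd_access_policy\nprotocol_state=RCPT\n"
         "client_address=198.51.100.7\nsender=list-bounces@lists.example.net\n"
         "recipient=arthur-list@example.org\nsasl_username=\n\n")

if __name__ == "__main__":
    for label, raw in (("forged", FORGED), ("legit", LEGIT)):
        a = parse_request(raw)
        print(label, "| naive:", naive_decide(a), "| checked:", decide(a))
```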
