Dirk St?cker:
> >> 5) with a trusted cert matching the hostname + hostname == reverse DNS
> >
> > This is even more meaningless.
>
> It is an additional level of security. Only a very small bit, yes, but it
PLEASE DO NOT call this "security". This stuff is weaker than spam
filter heuristics, and no competent person calls THAT security.
At best these observations can provide a record of how mail is being
handled over time. Postfix can log some of that information.
The absence of observed variation does not mean nothing of relevance
has changed, and the presence of benign observed changes drowns out
the malicious ones, assuming that the malicious party is stupid
enough to reveal itself. This is not a sound basis for automatic
policy enforcement or claims about "email security level" except
at perhaps trivial scales.
Wietse
