On 01/19/2018 08:30 AM, Chip wrote:
Good question.
Saying why I care about spf and dkim but not spam sounds contradictory,
I know.
The reason is because this project doesn't care if spam arrives, only if
the spam or email (even authenticated properly email) is spoofed.
How are you going to determine that? You need to facter in the
spamminess to determine if something spoofed or else you will need to
manually check every email and it's headers.
Spammers can spoof Paypal or Bank Of America using their own domain with
perfect SPF and DKIM and your system would put it in the pass folder.
Also, compromised accounts from normally good domains will have passing
SPF and DKIM and end up in your pass folder but could be a dangerous
phishing email.
--
David Jones
