-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Justin Mason wrote: > Hamish Marson writes: >> Justin Mason wrote: >>> Hamish writes: >>>> On Wednesday 28 June 2006 08:48, Ralf Hildebrandt wrote: >>>>> * [EMAIL PROTECTED] <[EMAIL PROTECTED]>: >>>>>> Given that airline messages are important, are related to >>>>>> meney, and recipients dont want to get forged ones, it >>>>>> would be a great idea to start a campaign with airlines / >>>>>> travel agents to use some sort of proof of origin (spf, >>>>>> digital signature, whatnot) Recipients could then apply >>>>>> whitelists >>>>> Amen to that! >>>> Does SA do anything with digital signatures to deduct scores? >>>> If it's worthwhile, I'm game to play. >>> It allows us (and third parties, and individual site admins) to >>> reliably whitelist sources safely. See >>> 'rules/60_whitelist_spf.cf', e.g.: >>> >>> def_whitelist_from_spf [EMAIL PROTECTED] >> Yeah, I know about the SPF checks... But I meant does SA >> currently do anything with digital signatures to verify that the >> sender really is the sender & apply a -ve score. > > hmm. I thought 'def_whitelist_from_spf' also checked DK and DKIM > sigs, but it appears not :( > > It appears that 'def_whitelist_from_dkim' is in place for this > purpose, instead. -- at least that's the plan... no orgs are yet > listed in 'rules/60_whitelist_dkim.cf' though. > > But yes, given a DKIM sig, and a 'def_whitelist_from_dkim' line for > that sender, it'll apply a negative bonus. >
Ah ha! Great. Thanks for that. Hamish. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFEo75x/3QXwQQkZYwRAlIGAKDY23BHNE7JF7zc44xLxLap9P5voACguC/E u3pcbI4er9+rnwyPDXAwl/c= =ChIz -----END PGP SIGNATURE-----
