Alex wrote:
>> Anyone can add a Habeas header. At best, it means they've got an outdated
>> configuration; at worst, it means they're spammers trying to get past
>> filters.
>>
>> https://senderscore.org/lookup.php?lookup=208.85.50.30 reveals that the
>> 208.85.50.30 is not currently accredited under the "Return Path Safe"
>> program criteria, which used to be Habeas before Return Path borged 'em.
>>
>
> Thanks for the info. You would think with so many smart people behind
> the development of Habeas that it wouldn't so easily be defeated.
> Aren't SPF and DKIM essentially as easily defeated?
>

I think the point is that the Habeas headers are no longer used (because
they were too easy to fake). The new Return Path system is now IP-based.
So any email that has a Habeas header was either created by a previous
Habeas customer who has not updated their configuration, or a spammer
trying to take advantage of outdated spam blocking setups that check for
the old Habeas headers.

The current Return Path, SPF, and DKIM are not easily defeated (of course
SPF must be configured properly to be useful).

> I believe they all need full participation for them to be effective?
>

That depends on your definition of "effective". Each of these methods
provides the recipient a way of determining the legitimacy of an email.
If the sender is using one or more of these on his outgoing emails, the
recipient will be able to determine whether the email really came from
the sender (SPF & DKIM) and whether the sender is trusted not to send
spam (Return Path).

I'm not sure about Return Path, but SPF and DKIM will be used by default
in SA if the relevant Perl modules are installed.

-- 
Bowie