Hi, > I think the point is that the Habeas headers are no longer used (because > they were too easy to fake). The new Return Path system is now IP > based. So any email that has a Habeas header was either created by a > previous Habeas customer who has not updated their configuration, or a > spammer trying to take advantage of outdated spam blocking setups that > check for the old Habeas headers.
Ah, now I get it. >> I believe they all need full participation for them to be effective? > > That depends on your definition of "effective". Each of these methods > provides the recipient a way of determining the legitimacy of an email. > If the sender is using one or more of these on his outgoing emails, the > recipient will be able to determine whether the email really came from > the sender (SPF & DKIM) and whether the sender is trusted not to send > spam (Return Path). I'm not sure about Return Path, but SPF and DKIM > will be used by default in SA if the relevant Perl modules are installed. But I think the trouble is that SPF_FAIL and DKIM_SIGNED without DKIM_VERIFIED doesn't necessarily mean it's not being spoofed, right? For that reason I really haven't been able to make scoring decisions on either of them. Thanks, Alex
