> >> I believe they all need full participation for them to be effective? > > > > That depends on your definition of "effective". Each of these methods > > provides the recipient a way of determining the legitimacy of an email. > > If the sender is using one or more of these on his outgoing emails, the > > recipient will be able to determine whether the email really came from > > the sender (SPF & DKIM) and whether the sender is trusted not to send > > spam (Return Path). I'm not sure about Return Path, but SPF and DKIM > > will be used by default in SA if the relevant Perl modules are installed.
On 29.10.09 20:06, Alex wrote: > But I think the trouble is that SPF_FAIL and DKIM_SIGNED without > DKIM_VERIFIED doesn't necessarily mean it's not being spoofed, right? when SPF is properly configured, the SPF_FAIL means that message _IS_ forged. It should definitely be scored :-) > For that reason I really haven't been able to make scoring decisions > on either of them. SPF_FAIL is intended to be rejected at SMTP time. SPF_SOFTFAIL is intended to be carefully inspected, e.g. scored. It's SPF_PASS that alone means nothing about the message, and spammers try to exploit misunderstanding of the SPF concept by configuring SPF they will be able to PASS. That's why it is only scored by -0.001 (0 wouldn't be evaluated). -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Honk if you love peace and quiet.
