On Fri, 15 Feb 2013, Quanah Gibson-Mount wrote:
Does anyone tweak the DKIM scores given by SA? There are plenty of scenarios
where DKIM has failed, yet SA does not give the email a particularly high
spam mark. 3 example test cases below. I guess I was expecting SA would
score DKIM failures more aggressively if there are problems with the signing:
DKIM and SPF are anti-forgery tools, not anti-spam tools.
If you take a DKIM-signed email that is whitelisted because of
whitelist_auth and make a change that invalidates the signature, does it
still get whitelisted? If not, then SA is doing all that it can reasonably
be expected to do with the invalid signature.
DKIM or SPF pass or fail *by itself* is not useful as a spam sign. Taken
together with other factors (such as DKIM invalid + claims to be from
Wells Fargo) it's useful.
--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhar...@impsec.org FALaholic #11174 pgpk -a jhar...@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
Look at the people at the top of both efforts. Linus Torvalds is a
university graduate with a CS degree. Bill Gates is a university
dropout who bragged about dumpster-diving and using other peoples'
garbage code as the basis for his code. Maybe that has something to
do with the difference in quality/security between Linux and
Windows. -- anytwofiveelevenis on Y! SCOX
-----------------------------------------------------------------------
7 days until George Washington's 281st Birthday
