On Jun 6, 2014, at 10:30 AM, Christian Laußat <us...@spamassassin.shambhu.info> wrote:
> Am 05.06.2014 21:48, schrieb Franck Martin: >> If the policy=reject and the dmarc is fail, then spamassassin should >> not see the email because opendmarc would have already rejected it (if >> not it is due to local policy override, so spamassassin should not >> change that) > > In the default configuration OpenDMARC doesn't reject on policy failures, it > only adds an Authentication-Results header, which I already use in > SpamAssassin. But I don't think it's a good idea to reject mail because of > DMARC policy failure, there are too man mailing-list and mail forwardings > that are not compatible with DMARC requirements. > As DMARC provide a feedback mechanism to the sender, then it is up to the sender to deal with these issues, you are just following their policy, you don’t need to or have to to second guess them. You can use some whitelists in openDMARC for some streams you really care about, like mailing lists. There are usually not too many. The default option of openDMARC is to not reject, as to avoid if you forgot opendkim or spf, and start to reject all the incoming mail… Once you are happy with the config, you ought to change that option.
signature.asc
Description: Message signed with OpenPGP using GPGMail
