On 2016-10-14 21:24, Petr Bena wrote:
I created this BT
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7360 to implement
SPF-like checks on From: sender as well in addition to envelope sender
(if they differ). It was rejected as invalid because SPF specs are
different.
Authentication-Results: linode.junc.eu; spf=pass (sender SPF authorized)
smtp.mailfrom=spamassassin.apache.org (client-ip=140.211.11.3;
helo=mail.apache.org;
envelope-from=users-return-113753-me=junc...@spamassassin.apache.org;
receiver=m...@junc.eu)
Authentication-Results: linode.junc.eu; dmarc=none
header.from=bena.rocks
Authentication-Results: linode.junc.eu; dkim=none; dkim-atps=neutral
if you begin dkim signing your own mails, and add dmarc its could help
to block forging your domain as sender
spamassassin can reuse opendmarc results, what hold you back on doing
this ?
if gmail is good why ask for something that is outside of gmail ?
note gmail does not care of dnssec, and thus dkim can pass without
dnssec is like there was no dkim pass for me
poor manns spoof tests is to check if dkim pass or not, while if deeper
testing is implement dmarc in spamassassin with full dnssec check,
aswell if adsp says is sign all mail and dkim signature is missing its
forged
so in spamassassin its possible to add adsp require to domains that is
often sending forged mails, even that domain does not use dkim
note spf is not using dnssec as is now, but dkim and dmarc is
so i say dkim/dmarc is bad since it allow pass on non dnssec domains :(
