On Fri, 5 May 2017 22:49:43 +0000 David Jones wrote: > From: RW <rwmailli...@googlemail.com> > > >On Fri, 5 May 2017 19:56:27 +0000 > >David Jones wrote: > > >> >I don't seen why anyone one would want a form of whitelisting > >> >where a DKIM pass on a trusted domain would be ignored if there's > >> >no SPF pass. > >> > >> Correct. > > >I don't know why you write "correct" and then go on to write > >something contrary. > > It's not a contradiction. See below.
If you think it isn't you have read it correctly. > >>This is why I only add envelope-from domains to my > >> whitelist_auth list that is currently 2,595 entries. > > > >That's not a good idea. When you don't feel you can just put a > >"header from" domain into whitelist_auth, you should use one or > >both of whitelist_from_dkim and whitelist_from_spf instead. > > Both of those are effectively the same when you carefully add only > envelope-from domains with specific patterns. There are only two possibilities either the header and envelope domains are the same in which case it makes no difference, or they are not, in which case you are giving up on DKIM and relying only on SPF.
