On Sat, 6 May 2017 15:49:08 +0200
Thore Boedecker wrote:

> Over on my side, the receiving end of these emails, there is my
> spamassassin. SA discovers the DKIM signature and is able to validate
> this signature against the Yahoo server which is totally undesirable
> in my opinion.

It doesn't score anything at all:

  DKIM_SIGNED=0.1,DKIM_VALID=-0.1

and DKIM_VALID doesn't mean much anyway, any spammer can make that hit
if they can add their own header to the spam. It didn't hit
DKIM_VALID_AU.

On Sat, 6 May 2017 14:10:12 +0000
David Jones wrote:

> DKIM is only meant to authenticate that the emails did come from
> a Yahoo server. It has nothing to do with authorization which is what
> you are looking for. SPF handles authorization so these emails should
> have a SPF_FAIL rule hit that we can confirm once we see it in
> pastebin.com.

SPF requires the mail to be sent out through designated hosts. A DKIM
pass for the correct domain means that the email passed through a host
with access to the signing key. DKIM provides better authorization than
SPF.
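
The difference between DKIM_VALID and DKIM_VALID_AU discussed in the message above, as an added example that is not part of the original post and is not SpamAssassin's code. It assumes signature verification has already been done elsewhere (passed in as `verified_domains`), treats a signature as an author-domain signature only when `d=` equals the From domain exactly, and uses constructed messages with made-up `.example` domains.

```python
from email import message_from_string
from email.utils import parseaddr

# Scores quoted in the message above; no other scores are assumed.
SCORES = {"DKIM_SIGNED": 0.1, "DKIM_VALID": -0.1}

def dkim_tags(value):
    """Parse a DKIM-Signature header value into its tag=value pairs."""
    tags = {}
    for part in value.split(";"):
        if "=" in part:
            key, val = part.split("=", 1)
            tags[key.strip()] = "".join(val.split())  # drop folding whitespace
    return tags

def dkim_rules(raw_message, verified_domains):
    """Rule names hit in this simplified model (exact d= match is an assumption)."""
    msg = message_from_string(raw_message)
    author = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    signers = [dkim_tags(h).get("d", "").lower()
               for h in msg.get_all("DKIM-Signature", [])]
    hits = []
    if signers:
        hits.append("DKIM_SIGNED")
    valid = [d for d in signers if d in verified_domains]
    if valid:
        hits.append("DKIM_VALID")        # any verifying signature, any domain
    if author and author in valid:
        hits.append("DKIM_VALID_AU")     # signer is the author's own domain
    return hits

def page_score(hits):
    """Sum only the two scores quoted on the page."""
    return sum(SCORES.get(h, 0.0) for h in hits)

# Constructed sample: From claims one domain, signature belongs to another.
THIRD_PARTY = ("From: Someone <someone@mailbox.example>\n"
               "DKIM-Signature: v=1; a=rsa-sha256; d=bulk-sender.example; s=k1;\n"
               " h=from:subject; bh=CONSTRUCTED; b=CONSTRUCTED\n"
               "Subject: hi\n\nbody\n")
# Constructed sample: signature from the same domain as the From address.
AUTHOR_SIGNED = THIRD_PARTY.replace("d=bulk-sender.example", "d=mailbox.example")

if __name__ == "__main__":
    for name, raw, ok in (("third-party", THIRD_PARTY, {"bulk-sender.example"}),
                          ("author", AUTHOR_SIGNED, {"mailbox.example"})):
        hits = dkim_rules(raw, ok)
        print(name, hits, page_score(hits))
```
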
