spamassassin-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From RW <rwmailli...@googlemail.com>
Subject Re: DKIM_VALID EnvelopeFrom
Date Fri, 05 May 2017 22:15:16 GMT
On Fri, 5 May 2017 19:56:27 +0000
David Jones wrote:


> >Alignment of the two from address is needed in DMARC so that SPF can
> >match on the same domain that the MUA displays (if it even does). It
> >doesn't do anything for DKIM.   
> 
> Did you read that returnpath.com link above about DMARC passing if
> SPF or DKIM passes and are aligned?  They know what they are doing
> and I have seen this to be true in my own inbound mail based on
> OpenDMARC headers.

I don't doubt that *they* know what they are doing. That article gives
reasons to have both on outgoing mail, but has no argument at all in
favour of requiring both to verify incoming mail.


> >I don't seen why anyone one would want a form of whitelisting where a
> >DKIM pass on a trusted domain would be ignored if there's no SPF
> >pass.  
> 
> Correct.  

I don't know why you write  "correct" and then go on to write something
contrary.


>This is why I only add envelope-from domains to my
> whitelist_auth list that is currently 2,595 entries.


That's not a good idea. When you don't feel you can just put a "header
from" domain into whitelist_auth,  you should use one or both of
whitelist_from_dkim and whitelist_from_spf instead.


Mime
View raw message