--On 22 November 2010 09:25:26 -0800 Steve Atkins
<steve(_at_)wordtothewise(_dot_)com>
wrote:
ADSP is better than SPF, but it's still not something anyone
should consider deploying widely as a primary means
of deciding to discard inbound email.
Actually, they're complementary. In places where DKIM fails (mailing lists
rewriting messages), SPF can succeed. And in places where SPF fails
(message forwarding), DKIM can succeed.
Messages can have a reasonable level of trust if they achieve either an SPF
pass for a trusted domain, OR an DKIM verification for a trusted signer. Of
course, you still need to check for malware and be wary of messages from
compromised accounts.
Deployment of SPF and DKIM are both low enough that you can't either reject
or discard messages simply because they don't pass or verify. But, we
already give a small negative spam score for SPF softfail and neutral
results, and haven't had any complaints. For DKIM it's harder, but for
certain author domains (including those that publish ADSP discardable, it
might be worth considering downgrading messages - especially when combined
with SPF fail/neutral/softfail).
--
Ian Eiloart
IT Services, University of Sussex
01273-873148 x3148
For new support requests, see http://www.sussex.ac.uk/its/help/
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html