Jim Fenton wrote:
Scott Kitterman wrote:
I've not looked into the Spamassassin implementation, but I'd imagine tagging
messages from known signers such as Yahoo! that didn't have a signature might
be useful.
We're considering doing this for a few domains (eBay comes to mind) once
we have reliable confirmation that the domains both (i) think they want
us to do it, and (ii) are reliably signing things so we can do it
without creating a support nightmare for us because of problems at the
signing domain.
I haven't looked into the Spamassassin implementation either, but a
useful capability would be to allow creation of a local whitelist of
known reliable domains. If messages coming from one of these domains is
authenticated (using whatever technology), give it a positive score or
bypass content filtering entirely. This doesn't require the use of any
policy mechanism, and helps with the false positives problem.
We've done this since day one for DKIM, a couple years ago for SPF and
recently for DK (I was hoping it would die faster).
SA 3.2.0 also includes a "whitelist_auth" option that allows you to
whitelist based on DKIM/DK/SPF without the user having to know which of
DKIM/DK/SPF the domain uses.
Daryl
-------------------------------------------
-----------------------------------------------------------------------
Sender Policy Framework: http://www.openspf.org/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to http://v2.listbox.com/member/?list_id=735
Powered by Listbox: http://www.listbox.com