--On 22 November 2010 09:25:26 -0800 Steve Atkins <st...@wordtothewise.com> wrote:
> > ADSP is better than SPF, but it's still not something anyone > should consider deploying widely as a primary means > of deciding to discard inbound email. Actually, they're complementary. In places where DKIM fails (mailing lists rewriting messages), SPF can succeed. And in places where SPF fails (message forwarding), DKIM can succeed. Messages can have a reasonable level of trust if they achieve either an SPF pass for a trusted domain, OR an DKIM verification for a trusted signer. Of course, you still need to check for malware and be wary of messages from compromised accounts. Deployment of SPF and DKIM are both low enough that you can't either reject or discard messages simply because they don't pass or verify. But, we already give a small negative spam score for SPF softfail and neutral results, and haven't had any complaints. For DKIM it's harder, but for certain author domains (including those that publish ADSP discardable, it might be worth considering downgrading messages - especially when combined with SPF fail/neutral/softfail). -- Ian Eiloart IT Services, University of Sussex 01273-873148 x3148 For new support requests, see http://www.sussex.ac.uk/its/help/ _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html