On Friday, September 18, 2015 04:59 PM CDT, "Bill Cole" 
<postfixlists-070...@billmail.scconsult.com> wrote:

> On 18 Sep 2015, at 14:29, Bruce Marriner wrote:
>
> > So I want to be able to set up Postfix so, if it passes DKIM or other
> > checks that give me a high confidence then just skip the postgrey 
> > stuff
> > entirely.
>
> In what exactly does a valid DKIM signature give you high confidence? I
> suspect that this is misplaced...
>
> All a DKIM signature validation tells you is that a message was in fact
> signed at the mail system where it claimed to have been signed by an 
> entity in control of the DNS for the domain identified the signature and
> that none of the message fields specified in the DKIM header have been
> changed in transit. Looking at the spam that has made it through my 
> filters this year, I see that 27% of those messages had a valid DKIM 
> signature, because in fact any spammer who can open a Yahoo account or
> register a domain can send mail with a valid DKIM signature.


Ah, well.  I think you might be right about misplaced.  I've been reading about 
this all day learning it and I've started to realize the same thing.  I would 
like

Now, why can't all the spammers just add a ThisIsSpam header.  Sure would make 
my life easier :)

I'd still like to reduce my dependency on postgrey.  So, if has valid SPF, 
valid DKIM, has a low SpamAssassin score, <insert other possible test heres> 
then I could skip it without raising spam too much, or at all :).

Postgrey just works so well :) I mean, if I have that on I get almost no spam.  
But sometimes somethings that should come though don't and many things are 
delayed.  When I turn it off, I get tons of spam.

So, I need to start adding more stuff into the mix like SpanAssassin, SPF, 
DKIM, whatever so I can reduce my Postgrey dependency a little.

My first few google searches were covered in the DKIM/SPF stuff so I guess  
that's where I've started first.




Reply via email to