yes, everything you say is accurate and correct. We are not looking for perfection in the gathering of statistics, only ballpark.
No one will ever open the bogus, phishing emails because the emails are not attached to a living person. Once the statistic is collected the email is automatically deleted. Think honey pot/greylisting pot that looks at the amount of emails a never before used email address with a highly unique local-part that is not attached to a real person and has never been used to send mail on a domain that is also very unique that only accepts email for a select whitelist of addresses. What is the guess that it will be flooded with spam? That is what we are setting out to ascertain. On 01/19/2018 09:43 AM, David Jones wrote: > On 01/19/2018 08:30 AM, Chip wrote: >> Good question. >> >> Saying why I care about spf and dkim but not spam sounds contradictory, >> I know. >> >> The reason is because this project doesn't care if spam arrives, only if >> the spam or email (even authenticated properly email) is spoofed. >> > > How are you going to determine that? You need to facter in the > spamminess to determine if something spoofed or else you will need to > manually check every email and it's headers. > > Spammers can spoof Paypal or Bank Of America using their own domain > with perfect SPF and DKIM and your system would put it in the pass > folder. > > Also, compromised accounts from normally good domains will have > passing SPF and DKIM and end up in your pass folder but could be a > dangerous phishing email. >
