> On 21.04.21 00:11, RW wrote: > >Anything that enters through through the remote trusted network and > >hits ALL_TRUSTED will almost certainly pass whatever authentication > >mechanism are set-up for the domain. > > > >The difference between ALL_TRUSTED and ALL_INTERNAL will likely be > >small. There are minor advantages either way. > > the diference would be, ALL_TRUSTED covers mail from trusted, but not > internal hosts, that are trusted not to fake headers, but still may > send spam.
Unless a dynamic pool has been put into the trusted network, this is about authenticated relays. Spammers gain access to third-party accounts to pass authentication tests - not to spam with a random domain that will fail such tests.