Re: Plans for a DMARC plugin ???

Wed, 30 Apr 2014 06:54:42 -0700 

Am 2014-04-30 14:30, schrieb Mark Martinec:

I agree that a DMARC SpamAssassin plugin would be valuable.

Michael Storz wrote:

How about implementing it in Amavisd-new in addition (I couldn't
resist to ask here too :-)


I think it more naturally fits into SpamAssassin, contributing
to the final score on equal terms with other rules. Also, the bayes

auto-learning in SpamAssassin works best when called from 
SpamAssassin
with the final score results - calling it from amavisd would be a 
hack.


Although amavis does handle DKIM by itself (and passes validation
results to SpamAssassin, thus avoiding duplicate work and possible
breakage due to truncated large mail), it does not know anything
about SPF, and I have no desire to deal with SPF there.

  Mark


Mark,


I think we have to differentiate between a short and a long term 
solution. At the moment we need a SA solution, because of all the false 
positives. But in the future when all of the web forms and mailing lists 
have been forced to change to a DMARC conformant way of sending emails, 
a lot of domain owners will publish DMARC reject policies (I already got 
such request from our customers at least for functional accounts like 
postmaster, webmaster, support etc. after some very convincing phishing 
mails with such addresses landed in the inboxes of their users). At that 
point I think it makes more sense to handle DMARC in amavis than SA, 
because it will be a hard decision between accepting and rejecting 
(DMARC-wise) and I hope it will be faster too (we use prequeue filter). 
Checking of the "accepted" emails if they are ham or spam is then the 
work of SA and could result in a reject because of spaminess.



If amavis would support DMARC now, I already would let it handle 
Paypal, Facebook and some other senders of transactional emails. I am 
seeing very few false positives for this kind of emails.



And thanks for the DKIM support. Without it we would not have switched 
to preque filtering. DKIM gives us the possibility to whitelist most ESP 
emails. Therefore a good amount of traffic will not hit SA, which gives 
us a consistant result for this kind of emails. However, ESP emails will 
be marked, therefore users have a third category of email (ham, spam, 
esp) for their filters.


--
Michael



























					Reply via email to