On Thu, 8 Oct 2015 13:13:57 +0100 RW wrote: > On Tue, 6 Oct 2015 17:05:48 -0400 > Kevin A. McGrail wrote: > > > On 10/6/2015 5:01 PM, Jered Floyd wrote: > > > Ah; good eyes! > > > > > > That KAM_FACEBOOK rule is dangerous. > > The behavior of forwarding content which effectively is the same as > > a forgery is where the danger lies... If this is behavior that users > > are performing, of course then there needs to be appropriate > > reaction but overall, forwarding emails is going to cause issues > > with a ton of domains and should be discouraged entirely. > > > Assuming that Facebook applies DKIM consistently, I think it would be > better to replace: > > (SPF_FAIL + DKIM_ADSP_ALL >=1) > > with > > DKIM_ADSP_ALL && ! (SPF_PASS && __ENV_AND_HDR_FROM_MATCH)
I didn't think that through, there's no scenario where SPF helps, so all that's needed is: meta KAM_FACEBOOKMAIL __KAM_FACEBOOKMAIL2 || __KAM_FACEBOOKMAIL1 && DKIM_ADSP_ALL