On Sat, 9 Apr 2016 14:50:00 -0400 Alex wrote: > I'm just now realizing that the DMARC rules I have been using are not > part of spamassassin proper. In fact, there are apparently no DMARC > rules as part of spamassassin. Why is that?
Doing it properly needs new code, and no-one has done it. > The rules I'm using are quite dated and I'm now questioning whether > they're correct. How are people using DMARC with spamassassin? I've updated Christian Laußat's rules for my own use to take account of relaxed alignment, and reduce mailing-list FPs. http://pastebin.com/gr41CvCc An author signature is now only needed if the alignment is strict, or the from domain is on a (currently short) list that's known to pass DKIM_VALID_AU. Otherwise any valid signature will do, or any signature if there's a list-id header. Since it sees unlikely that anyone would publish a restrictive policy without adding a DKIM signature, I've added a couple of meta-rules to punish that. > I recall some time ago there being a conversation about a DMARC > plugin. Was that ever completed? Is it necessary? I suspect not because spammers change their behaviour to work around it. What I'm seeing is that Yahoo sets a reject policy and all the spam that claims to be from yahoo has gone through their servers. Gmail is being spoofed, but they only set a "none" policy. Live.com sets a "none" policy but without even adding a DKIM header which make DMARC_FAIL_NONE hard to score in general. I might split DMARC_FAIL_NONE into two. As far as fraud is concerned, spammers have long since discovered that they don't need to make detection easy by spoofing a company's actual email domain.