DMARC, SPF and DKIM
jason at jasonjgw.net
Thu Dec 24 13:00:35 AEDT 2015
Russell Coker <russell at coker.com.au> wrote:
> I use opendkim to check DKIM and also sign outbound messages. In almost all
> cases the program that signs messages will also check messages - assuming you
> use the same server for inbound and outbound mail.
I'm using opendkim as well (in both directions, naturally).
> I use the Debian package postfix-policyd-spf-perl for SPF checks.
Thanks - I'll look at it.
> I think that SpamAssassin does SPF checks by default and you can also configure
> it to use DKIM check results to add to the score (if you don't want to just
> reject mail that fails DKIM).
Another interesting option reviewed by lwn.net earlier in the year is rspamd -
designed to be more modular than Spamassassin.
It's on my list of tools to investigate.
> Most mailing lists break SPF and DKIM so a reject will cause you some problems
> if you use many lists.
I do, but quarantine would have a similar effect (some of my mailing list
posts would enter recipients' spam folders).
> That's only if the header is modified for the mail to be "from" the list.
> Doing that requires a recent version of Mailman (in this case Debian/Jessie
> not Debian/Wheezy) and being willing to turn it on.
I hope more mailing list administrators upgrade and enable such options. The
combination of DKIM, SPF and DMARC has the potential to provide a much
increased ability to discern legitimate messages and to deal with the
More information about the luv-main