DMARC, SPF and DKIM

Jason White jason at jasonjgw.net
Thu Dec 24 13:00:35 AEDT 2015


Russell Coker <russell at coker.com.au> wrote:
 
> I use opendkim to check DKIM and also sign outbound messages.  In almost all 
> cases the program that signs messages will also check messages - assuming you 
> use the same server for inbound and outbound mail.
> 

I'm using opendkim as well (in both directions, naturally).

> I use the Debian package postfix-policyd-spf-perl for SPF checks.
> 

Thanks - I'll look at it.
> I think that SpamAssassin does SPF checks by default and you can also configure 
> it to use DKIM check results to add to the score (if you don't want to just 
> reject mail that fails DKIM).
> 

Another interesting option reviewed by lwn.net earlier in the year is rspamd -
designed to be more modular than Spamassassin.

It's on my list of tools to investigate.
 
> Most mailing lists break SPF and DKIM so a reject will cause you some problems 
> if you use many lists.
> 

I do, but quarantine would have a similar effect (some of my mailing list
posts would enter recipients' spam folders).
 
> That's only if the header is modified for the mail to be "from" the list.  
> Doing that requires a recent version of Mailman (in this case Debian/Jessie 
> not Debian/Wheezy) and being willing to turn it on.


I hope more mailing list administrators upgrade and enable such options. The
combination of DKIM, SPF and DMARC has the potential to provide a much
increased ability to discern legitimate messages and to deal with the
remainder appropriately.



More information about the luv-main mailing list