Re: opendkim adsp tempfail ?

From: Murray S. Kucherawy <msk_at_blackops.org>
Date: Mon, 1 Oct 2012 09:58:58 -0700 (PDT)

On Mon, 1 Oct 2012, Benny Pedersen wrote:
> i like to reject unsigned emails that is known to sign, but does not
> self make the adsp policy

Right, and that's what LocalADSP is for. We don't implement a "known to
sign" heuristic, but you can with that setting.

> this is imho what adsp is used for, but it only works if i at the same
> time make sure maillist mails is not rejected becurse of that

The trick there is that there's no way to identify list traffic in a
reliable way. If you give preferential treatment to lists, a spammer or
phisher will just make its mail look like list traffic to get through your
checks.

There is an undocumented feature that will reject mail whose From: domain
advertises an ADSP policy of "discardable" sent to a set of addresses you
specify. This is meant to prevent transactional mail from going to lists.
I don't think this is in use, however, so it's likely to be removed soon
unless someone stands up to defend it.

-MSK
Received on Mon Oct 01 2012 - 16:59:18 PST

This archive was generated by hypermail 2.3.0 : Mon Oct 29 2012 - 23:20:44 PST