On Wed, Jun 22, 2016, at 05:26 AM, A. Schulze wrote:
> > On-SignatureError
> it implies that any message with a invalid DKIM signature will be
> rejected by OpenDKIM.
Hm. That's what I though On-BadSignature does, too. What's the difference?
> no, what I mean is:
>
...
> but not reject any message
...
> but not reject any message
...
> (your instances above) and let this instance decide if a message will
> be accepted or rejected.
Got it. At least the 'doing' part. I'm still undecided/unclear on the experience/recommendation of also rejecting early on SPF- & DKIM- fails.
> we usually only run
...
> Notice that OpenDMARC ( latest Version 1.3.1 + a huge number of patches)
Yep, found those. Thanks!
> could do job of SPF checking. see https://andreasschulze.de/dmarc/opendmarc
The reason I did NOT do this was BECAUSE I'd thought it was best to "test light & test early" with SPF_only reject-on-FAIL etc.
Still need to get my head around what's real-world-recommended and, "why".
Thanks!
Jason
Received on Wed Jun 22 2016 - 13:59:18 PST