[CentOS] Re: DKIM

Wed Sep 24 21:17:35 UTC 2008
Scott Silva <ssilva at sgvwater.com>

on 9-24-2008 1:03 PM Bob Hoffman spake the following:
>> Besides, in the OP case, SPF will change nothing for mail 
>> getting out of his server, since his sender domain matches 
>> his client domain (this is what gmail calls "guessed SPF"), 
>> and in addition, his client is the MX of his domain, so he is 
>> not going to forge his own domain on his own server.
> Read a few dozen sites since the last post. The reason behind spf is as
> follows...i guess.
> SPF says 'this domain and this ip sendmails' and you should say 'reject any
> mails you (yahoo, gmail, etc) receive that are not from 'this domain or this
> ip'
> The ip can be one or many. The domains can be one or many.
> What they are looking for is 'are you helping them weed out their own spam?'
> If someone forges your address, yahoo will then go to your site and find out
> that only 'this ip and this mail server' can send mail. If the mail they got
> is not agreeing with that, they crush it.
> This tells yahoo you are somewhat trying to help and then they whitelist it,
> so to speak. Not doing this will tell yahoo you want 'any mail from anywhere
> with my email address or domains' to be accepted.
> Since they do not like that, immediate greylist.
> So, it is about helping them deal with forgeries and not much else. Many
> servers ignore or do not use it. From what I read, you should have it.
Since a valid spf record cane take all of 5 minutes to write, I don't see it 
as a big deal. Now DKIM takes a little longer.
If it lets my boss send mail to whoever, that is also a plus.

MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't!!!!

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 250 bytes
Desc: OpenPGP digital signature
URL: <http://lists.centos.org/pipermail/centos/attachments/20080924/7d93f52d/attachment-0005.sig>