DKIM Question
If I implement SPF and have other servers (external providers) that send email with my domain, I simply put that server in the SPF record, adding it to the EFA server IP.
But if I use DKIM with EFA and I put the DNS info, I have the problem that external providers that send mail for me don't provide DKIM info in the header and so they will be considered spam.
Is it right?
Re: DKIM Question
No.
A valid DKIM header doesn't mean spam or not spam, it is just an additional weighting factor used by spamassassin to determine the legitimacy of the message.
Using it allows other mail systems to trust the message more, so messages sent on your behalf by other providers without DKIM will be considered more likely to be spam. (How much more so? I'll tell you tomorrow when I am at a computer)
Re: DKIM Question
So, sending a DKIM signed message into my system results in the following spam score
Code:
DKIM_SIGNED 0.10,
DKIM_VALID -0.10,
DKIM_VALID_AU -0.10
for a total score change of -0.1
The descriptions are
Code:
describe DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid
describe DKIM_VALID Message has at least one valid DKIM or DK signature
describe DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain
So that's how spamassassin/efa handle DKIM signatures. How other systems handle it, I don't know. I think SPF is more important than DKIM in determining whether something is a valid message or not.
In /var/lib/spamassassin/3.004001/updates_spamassassin_org/25_dkim.cf I found the following comment
Code:
# Note: DKIM_SIGNED, DKIM_VALID and DKIM_VALID_AU are mainly informational
# rules, and can serve as a basis for meta rules; it is not difficult for a
# sender to cause hits on them or to prevent them from firing, so their score
# should be kept low.
Does that answer your question?
Re: DKIM Question
I've built a few extra rules around it to give you some ideas:
- if Bayes_0 or Bayes_00 or Bayes_WL and valid SPF + DKIM then score lowered
And then some more rules which depend on the above:
i.e. if the email is on more than 2 whitelists and coming from a preferred country and the above rule, then further lower the score.
Re: DKIM Question
That's not a bad idea. I think it'd be unlikely that spam has a low spam score and a valid dkim + spf.
Re: DKIM Question
Oh, btw, if you are also using DMARC you need to pay attention:
i.e. I usually set DMARC to action=none to check all systems sending email for me and then either make them all use DKIM too or relay through an SMTP server which does sign with DKIM. Then after a while I set it to action: quarantine and slowly raise the percentage until all emails failing the DMARC setting are quarantined.
A nice tool to use and learn from is http://dmarcian.com (free with some limitations)
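The monitoring phase described in the last post (policy none first, find every system sending for the domain, then move to quarantine), as an added example that is not part of the thread: a Python script that reads one DMARC aggregate report and lists which sending IPs still lack a passing DKIM result and which would be quarantined. The report is constructed in the RFC 7489 aggregate layout with placeholder domain and addresses, and the function names are made up for this example.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample report (RFC 7489 aggregate layout); the domain and the
# addresses are documentation placeholders, not real senders.
SAMPLE_REPORT = """<feedback>
  <policy_published><domain>example.com</domain><p>none</p><pct>100</pct></policy_published>
  <record>
    <row><source_ip>192.0.2.10</source_ip><count>120</count>
      <policy_evaluated><disposition>none</disposition><dkim>pass</dkim><spf>pass</spf></policy_evaluated></row>
  </record>
  <record>
    <row><source_ip>198.51.100.7</source_ip><count>40</count>
      <policy_evaluated><disposition>none</disposition><dkim>fail</dkim><spf>pass</spf></policy_evaluated></row>
  </record>
  <record>
    <row><source_ip>203.0.113.99</source_ip><count>5</count>
      <policy_evaluated><disposition>none</disposition><dkim>fail</dkim><spf>fail</spf></policy_evaluated></row>
  </record>
</feedback>"""

def summarize(report_xml):
    """Per source IP: total messages, messages failing DKIM, messages failing DMARC."""
    stats = defaultdict(lambda: {"total": 0, "dkim_fail": 0, "dmarc_fail": 0})
    for row in ET.fromstring(report_xml).iter("row"):
        n = int(row.findtext("count", "0"))
        dkim = row.findtext("policy_evaluated/dkim")
        spf = row.findtext("policy_evaluated/spf")
        entry = stats[row.findtext("source_ip")]
        entry["total"] += n
        if dkim != "pass":
            entry["dkim_fail"] += n
            if spf != "pass":  # neither aligned mechanism passed, so DMARC fails
                entry["dmarc_fail"] += n
    return dict(stats)

def needs_dkim(summary):
    """Sources with unsigned or badly signed mail: make them sign or relay them."""
    return sorted(ip for ip, e in summary.items() if e["dkim_fail"] > 0)

def would_be_quarantined(summary):
    """Sources whose mail fails DMARC and is hit once the policy is quarantine."""
    return sorted(ip for ip, e in summary.items() if e["dmarc_fail"] > 0)

if __name__ == "__main__":
    s = summarize(SAMPLE_REPORT)
    print("add DKIM or relay:", needs_dkim(s))
    print("fails DMARC today:", would_be_quarantined(s))
```

Aggregate reports arrive from third parties, so real ones should be parsed with a hardened XML parser such as defusedxml rather than the plain standard-library parser used here for the embedded sample.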