Re: Checking for SPF & DKIM Checks

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Matus UHLAR - fantomas wrote:[color=blue][color=green][color=darkred]
>>> On 10.11.08 04:11, Byung-Hee HWANG wrote:
>>>> Well, i don't care. I accept the emails passed by DKIM, anyway..[/color][/color]
>[color=green]
>> Matus UHLAR - fantomas wrote:[color=darkred]
>>> so you intentionally create false negatives just because they are DKIM
>>> signed?[/color][/color]
>
> On 10.11.08 07:34, Byung-Hee HWANG wrote:[color=green]
>> My answer is "Yes" if i should say. Because of the spam case is the
>> concern of the hosting, not DKIM. Yahoo and Google are trying for the
>> such spam case.[/color]
>[color=green]
>> Let's get serious. If you had reading specs of RFC4408 and RFC4871, you
>> know the role of both SPF and DKIM. Exactly both SPF and DKIM are tools
>> for anti-pishing, not anti-spam (at here i defined the term "SPAM" as
>> "UCE"). Sometimes we received the spam passed DKIM from Yahoo and
>> Google. However. We have no way to stop the such spam in this time.
>> Because stopping the such spam is not DKIM's scope.[/color]
>
> I _know_ the scope of SPF and DKIM. They both don't say that mail is ham or
> the spam, they only say if it's forged:[/color]
[...snip...]
The above statement is what i wanted to hear from you ;;

[...snip...][color=blue]
> Giving them that big negative (well... low) score is just stupid.
>
> I strongly advise you to remove that customisation and let other rules do
> their job. Otherwise you'll get flooded by spammers who DKIM-sign their
> spam.[/color]

Thanks for advice. But, nevertheless, i'll keep the score "-45.3" for
DKIM_VERIFIED. That's only my concern. OK, if you want to see my the
customization, see following:

<URL:http://izb.knu.ac.kr/~bh/stuff/izb-spamassassin-local.cf.example>

byunghee

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (FreeBSD)

iEYEARECAAYFAkkXfUwACgkQsCouaZaxlv6KAQCgikobNguI/oKoPoRidsqUBMUl
nVkAn0X0Ts+iexnqmMOJWhn/jtNWM4Sq
=/cSL
-----END PGP SIGNATURE-----