top | item 36678900

(no title)

Yes - it's emails that hit a certain pre-determined spam assassin threshold (see Note B). But this is fairly easy to circumvent (spammers/phishers are especially good at it) and the threshold is reasonably high.

All in all this means the vast majority of emails don't have these headers included in webhooks, and we have plenty of examples of spoofed emails for our own domain (invalid SPF/DKIM and failed DMARC) that get through without triggering spam assassin.

This simplest way to verify this is to store the value of these headers along with all inbound emails hitting your webhooks, you'll quickly see they are missing the majority of the time.

discuss

No comments yet.