How do you deal with the case of:
- wanting to whitelist a domain so that emails from it won't get eaten, but
- not having emails forged to appear to be from that domain get bogusly whitelisted
whitelist_from_recvd
looks promising, but then you have to know at
least the TLD of every host that could send you mail from that domain. Often RandomBigCompany.com will outsource email to one or more sending companies (like Constant Contact and the like) in addition to using servers that reverse-resolve to something in its own domain. But it looks like whitelist_from_recvd
can only map to one sending server pattern so that would be problematic.
Is there a way to say something like "if email is from domain X, subtract N points from the spam score"?
The idea would be that if the mail is legit, that -N will all but guarantee it isn't considered spam. But if it is spam, hopefully all the other failed tests will render it spam even with the -N being included.
This is the problem that Sender Policy Framework solves (if it's implemented correctly). The catch is, the sender has to set it up.