Because some spammers and senders of bulk email have begun using SPF or signing messages with a valid DKIM signature, the fact that a message is signed and verified is no guarantee that you won't consider it to be spam, even though it does ensure that the message originated from a valid source. For this reason, a message's spam score will not be lowered as a result of SPF or DKIM verification unless the domain taken from the signature is on the Approved List. This is essentially a white list that you can use to designate domains permitted to have their messages' spam scores reduced when those incoming messages are verified.

When a message signed by one of these domains is verified by SPF or DKIM, its spam score will be reduced according to the settings found on the SPF and DKIM Verification screens. You can, however, append any of the flags listed below if you wish to prevent either of those verification methods from reducing the score. There is also a flag that you can use to prevent verified messages from being passed through the Spam Filter.

 

DMARC and the Approved List

DMARC Verification also utilizes the Approved List, which can white list based on verified DKIM identifiers and SPF paths from sources you trust. So, for example, if a message arrives that fails the DMARC check but has a valid DKIM signature from a domain on the Approved List, the message is not subject to punitive DMARC policy (i.e..the message is treated as if the policy were "p=none"). The same happens if SPF path verification matches a domain on the Approved List.