On Thu, Oct 21, 2010 at 10:18:46AM -0400, Jerry wrote: > On Thu, 21 Oct 2010 21:52:38 +0800 > Denny Lin <dennyli...@hs.ntnu.edu.tw> articulated: > > > Oh yeah, I forgot to mention that. A better solution would be to check > > the rDNS or SPF record and do sender verification if it doesn't match. > > Actually, "SPF" has been going out of vogue for awhile now and sensible > mail admins do not make accept/deny decisions entirely on pass/fail of > SPF tests. Many SAs are finding it causes more problems than it solves. > When added to the fact that its use is by no means universal, its > continued use is seriously in doubt. In other words, "Use at your own > risk." There are, as has been pointed out, better methods available.
True, that's why I only use it to verify whether sender verification should be done (at least it can tell me if the mail was sent from Gmail servers, etc.). -- Denny Lin
