On Tue, Nov 07, 2006 at 04:24:59PM +0900 or thereabouts, Georgi Georgiev wrote:
> I ain't no dev, but how is this trivial? A typical scenario is: a  
> gentoo-dev sends an e-mail to a mailing list (a non-gentoo mailing  
> list) and that mail gets nuked by a greedy spam filter because the SPF  
> rules exclude (oh well, "do not specifically include") the server that  
> forwards the mailing list message.

I'm not trying to pick on Georgi, but can we please be realistic about the
true impact of this?  So far, we've identified one application
(SpamAssassin) that incorrectly interprets a neutral SPF record.  As a
result, it adds 1.1 to the overall SA score.

Different people have different thresholds for spam filtering, surely, but
nobody in their right mind is going to start dropping mails with a positive
score of 1.1.  The default out of the box is (I think) 5.5.  So the message
is still marked as 80% clean.  Even if you want to be ultra aggressive and
drop mail based on a score in the 3-ish range, this SPF issue still won't
even get the message a third of the way towards hitting that threshold.


Attachment: pgpqvcAnFsheC.pgp
Description: PGP signature

Reply via email to