Devin Reade wrote on 12/19/16 12:59:
> You might also want to look at bgp-spamd.
Yes, this was on my radar for quite some time. However, my simple spamd setup with assistance from the zen.spamhaus.org DNSBL has been extremely effective. It's nice to know we've got more big guns if needed.
> With respect to dealing with SPF, the simple solution (permitting an IP if it is on the sending domain's SPF list) doesn't work too well in the general case since it appears many spammers publish SPF records.
You're right. When I ran ruby-spf against the TRAPPED IPs in my spamdb, a surprising number passed SPF (like 15%). On the other hand, one of the popular email domains from our customer DB is @att.net, which doesn't even publish SPF. After some real-life testing against our client email DB, I determined SPF was not effective in filtering spam for us. If it is used, it should be a small factor at best.